Partly addresses pkg/25165.
From the package's NEWS file:
2.1.14 (20-Sep-2010)
Security
- Two potential XSS vulnerabilities have been identified and fixed.
New Features
- A new feature for controlling the addition/replacement of the Sender:
header in outgoing mail has been implemented. This allows a list owner
to set include_sender_header on the list's General Options page in the
admin GUI. The default for this setting is Yes which preserves the prior
behavior of removing any pre-existing Sender: and setting it to the
list's -bounces address. Setting this to No stops Mailman from adding or
modifying the Sender: at all.
Additionally, there is a new Defaults.py/mm_cfg.py setting
ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
to remove the include_sender_header setting from General Options, and
thus preserve the prior behavior completely.
- Bounce processing has been enhanced so that if a bounce is returned to a
list from a non-member who is a member of a regular_include_list, the
bounce will be processed as a bounce for the included list.
i18n
- Fixed a missing format character in the German bin/mailmanctl docstring.
- Updated Dutch translation from Jan Veuger.
- Updated Japanese Translation from Tokio Kikuchi.
- Updated Finnish translation from Joni Töyrylä.
- Made a few corrections to some Polish templates. Bug #566731.
- Made a minor change to the Chinese (China) message catalog. Bug #545772.
- Changed a few DOCTYPE directives in templates for compliance.
Bug #500952 and Bug #500955.
Bug Fixes and other patches
- Made minor wording improvements and typo corrections in some messages.
Bug #426979.
- Fixed i18n._() to catch exceptions due to bad formats. Bug #632660.
- Fixed admindb interface to decode base64 and quoted-printable encoded
message body excerpts for display. Bug #629738.
- Fixed web CGI tracebacks to properly report sys.path. Bug #615114.
- Changed the member options login page unsubscribe request to include the
requesters IP address in the confirmation request. Bug #610527.
- Changed fix_url to lock the list if not locked. Bug #610364.
- Made a minor change to the English subscribeack.txt (welcome message)
template to emphasize that a password is only required to unsubscribe
*without confirmation*.
- Fixed an issue in admindb that could result in a KeyError and "we hit a
bug" response when a moderator acts on a post that had been handled by
someone else after the first moderator had retrieved it. Bug #598671.
- Fixed a bug which would fail to show a list on the admin and listinfo
overview pages if its web_page_url contained a :port. Bug # 597741.
- Fixed bin/genaliases to not throw TypeError when MTA = None.
Bug #587657.
- Provided the ability to specify in mm_cfg.py a local domain (e.g.
'localhost') for the local addresses in the generated virtual-mailman
when MTA = 'Postfix'. See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py.
Bug #328907.
- Made a minor change to the removal of an Approved: pseudo-header from
a text/html alternative to allow for an inserted '\xA0' before the
password.
- Fixed Content Filtering collapse_alternatives to work on deeply nested
multipart/alternative parts. Bug #576675.
- We now accept/remove X-Approved: and X-Approve: headers in addition to
Approved: and Approve: for pre-approving posts. Bug #557750.
- Reordered the 'cancel' and 'subscribe' buttons on the subscription
confirmation web page so the default action upon 'enter' will be the
subscribe button in browsers that pick the first button. Bug #530654.
- Fixed a bug in the admindb interface that could apply a moderator
action to a message not displayed. Bug #533468.
- Added a traceback to the log message produced when processing the
digest.mbox throws an exception.
- Added a urlhost argument to the MailList.MailList.Create() method to
allow bin/newlist and the the create CGI to pass urlhost so the host
will be correct in the listinfo link on the emptyarchive page.
Bug #529100.
- Added the List-Post header to the default list of headers retained in
messages in the MIME digest. Bug #526143.
- When daemonizing mailmanctl, we now ensure terminal files are closed.
- Fixed a bug in pipermail archiving that caused fallback threading by
subject to fail. Bug #266572.
- We now give an HTTP 401 status for authentication failures from admin,
admindb, private, options and roster CGIs, and an HTTP 404 status from
all the CGIs for an invalid list name.
- Backported the listinfo template change from the 2.2 branch to fix
Bug #514050.
- Fixed a bug where going to an archives/private/list.mbox/list.mbox URL
would result in a munged URL if authentication was required. Bug #266164.
- Fixed a bug where check_perms would throw an OSError if an entry in
Mailman's lists/ directory was not a directory. Bug #265613.
- Fixed a bug where a message with an Approved: header held by a handler
that precedes Approve (SpamDetect by default) would not have the
Approved: header removed if the held message was approved. Bug #501739.
2.1.13 (22-Dec-2009)
i18n
- Updated Dutch message catalog from Jan Veuger.
- Added Asturian translation from Marcos Costales and the Asturian
Language Team.
Bug Fixes and other patches
- Added "white-space: pre-wrap" style for <pre> tag in archives.
Bug #266467.
- Added vette logging for rejected and discarded (un)subscribe requests.
- Fixed a bug in admindb.py that could erroneously discard an unsubscribe
request as a duplicate.
- Decoded RFC 2047 encoded message subjects for a few reports.
Bug #266428.
- Fixed the French, Spanish and Hebrew translations which improperly
translated the 'coding:' line in bin/config_list output.
- Fixed the auto-responder to treat messages to -confirm, -join, -leave,
-subscribe and -unsubscribe as requests rather than posts. Bug #427962.
- Configure/make no longer builds Japanese and Korean codecs in
pythonlib if Python already has them.
- Inadvertently setting a null site or list password allowed access
to a list's web admin interface without authentication. Fixed by
not accepting null passwords.
- Changed VERP_CONFIRM_REGEXP in Defaults.py to work if the replying
MUA folds the To: header and in cases where the list name includes '+'.
- Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192.
- Replies to commands sent to list-request now come From: list-owner
instead of list-bounces.
- Mailman no longer folds long sub-part headers in multipart messages.
In addition, Mailman no longer escapes From_ lines in the body of
messages sent to regular list members, although MTA's may do it anyway.
This is to avoid breaking signatures per Bug #265967.
- XSS protection in the web interface went too far in escaping HTML
entities. Fixed.
- Removed or anonymized additional headers in posts to anonymous lists.
- Fixed a bug that could cause incorrect threading of replies to archived
messages that arrive with timestamps in the same second.
- Scrubbed HTML attachments containing tab characters would get the tabs
replaced by a string of ' ' without a semicolon. Fixed.
- Caught a TypeError in content filtering, collapse alternatives that
occurred with a malformed message if a multipart/alternative part
wasn't multi-part. Reported in comments to bug #266230.
- Fixed a few things in bin/update:
- Changed some old messages for more current meaning.
- Fixed qfiles update to not lose metadata from 2.1.5+ format entries.
- Fixed 2.0.x template migration to not die if the templates/ tree
contains subdirectories from a version control system.
- Fixed a bug that would show a list on the admin and listinfo overview
pages if its web_page_url host contained the current host as a
substring. Bug #342162.
- Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError
if the string contained an HTML entity > 255 and also characters in the
128-255 range. Bug #341594.
- Added recognition for more bounces.
- Updated contrib/mmdsr to report preserved messages and to use mktemp to
create temp files.
Version 1.0.23:
- No significant changes.
Version 1.0.22:
- A new command 'received_header' with a corresponding '--received-header'
option allows to disable the default Received header if required.
- A new command 'passwordeval' with a corresponding '--passwordeval' option
allows to set the password to the output of a command.
Version 1.0.21:
- No significant changes.
Version 1.0.20:
- Added support for authentication mechanism SCRAM-SHA-1 via GNU SASL.
- The new command tls_fingerprint allows one to trust one particular TLS
certificate, in case tls_trust_file cannot be used for some reason.
- The new script mpop-gnome-tool.py manages Gnome Keyring passwords for mpop.
Version 1.0.19:
- When using OpenSSL, mpop now correctly handles NUL characters in the Common
Name and Subject Alternative Name fields of certificates. This fixes a
security problem. Note that mpop is not affected by this problem if GnuTLS is
used.
- Mpop can now handle mail boxes larger than 2 GiB on 32bit systems. Previously,
this only worked on 64bit systems.
Version 1.0.18:
- Delivery to MS Exchange pickup directories is now supported, thanks to Julien
Larigaldie.
Version 1.0.17:
- No significant changes.
Version 1.0.16:
- Mpop now also reads SYSCONFDIR/netrc if the password was not found in
~/.netrc.
- Support for the GNOME keyring was added by Satoru SATOH.
Version 1.0.15:
- This version fixes two bad bugs that prevented mpop from correctly retrieving
mails under certain cicumstances.
Version 1.0.14:
- The configuration command tls_crl_file was added. This allows to use
certificate revocation lists (CRLs) during certificate verification.
- The configuration command tls_min_dh_prime_bits was added. This is needed to
use TLS/SSL with servers that use a small Diffie-Hellman (DH) prime size.
- The configuration command tls_priorities was added. This allows to fine tune
TLS/SSL session parameters.
Version 1.0.13:
- Support for the Mac OS X keychain was added by Jay Soffian.
bugs and security fix release.
Changes to the Cyrus IMAP Server since 2.4.6
* Fixed Bug #3357 - lmtpd offering STARTTLS in pre-authorized mode.
* Fixed Bug #3392 - allowing INBOX.INBOX to be created if the case
didn't match
* Fixed Bug #3404 - incorrect LIST "" "user" response
* Fixed Bug #3417 - crash on zero-byte quota file
* Fixed numberous bugs with mailbox upgrades
* Fixed replication errors, which have been reported many times on
the mailing list, but don't have bug numbers.
* Increated "paranoia" about record ordering in mailbox, which would
have detected some bad bugs in replication that caused the infinite
runaway mailbox filling reported in 2.4.6 and below
* Increased syslogging detail about replication issues
* Fixed reconstruct crash with zero-byte index file
* Fixed cyradm perl library path finding
* Fixed incorrect use of LITERAL+ formats in our responses to
clients. Unreported, but could be causing wierd hard-to-track-down
bugs out there
* Fixed append immediately on create
* Upgraded Unicode database to version 6.0
* Fixed reconstruct crash on folder names with many digits (i.e. ebay
auction numbers)
* Fixed reconstruct crash with file called '0.'
* Made reconstruct '-n' option actually exist, as advertised in the
man page
* Fixed bug #3423 - STARTTLS plaintext command injection
vulnerability
* Bug #3382 Added "failedloginpause" config option
* Bugs #3383/3385 Removed some obsolete config options
* Bug #3389 $confdir/proc not created on the fly
* Bug #3394 fix imtest parsing of MECHLIST
* Bug #3399 fix with_ldap option default
* Bug #3307 fix mbpath crash on remote mailbox
* Bug #3420 use getpassphrase on Solaris, now passwords over 8
characters long work with cyrus tools
* Bug #3400 and others - lots of bugs with XFER between different
versions in murder clusters fixed, including a bug that caused only
mailboxes with zero messages to be rejected for upgrade
* Bug #3391 fix rename which just moves between partitions
* Bug #3103 fix imtest using plain authentication when it must not
* Bug #3426 fix TLS on sockets other than stdin
* Added support for BDB versions 5 and above
1. In addition to the existing LDAP and LDAP/SSL ("ldaps") support, there
is now LDAP/TLS support, given sufficiently modern OpenLDAP client
libraries. The following global options have been added in support of
this: ldap_ca_cert_dir, ldap_ca_cert_file, ldap_cert_file, ldap_cert_key,
ldap_cipher_suite, ldap_require_cert, ldap_start_tls.
2. The pipe transport now takes a boolean option, "freeze_signal", default
false. When true, if the external delivery command exits on a signal then
Exim will freeze the message in the queue, instead of generating a bounce.
3. Log filenames may now use %M as an escape, instead of %D (still available).
The %M pattern expands to yyyymm, providing month-level resolution.
4. The $message_linecount variable is now updated for the maildir_tag option,
in the same way as $message_size, to reflect the real number of lines,
including any header additions or removals from transport.
5. When contacting a pool of SpamAssassin servers configured in spamd_address,
Exim now selects entries randomly, to better scale in a cluster setup.
Postfix stable release 2.8.2 is available. This release has minor
fixes that are already in the experimental (2.9) release.
- Bugfix: postscreen DNSBL scoring error. When a client disconnected
and then reconnected before all DNSBL results for the earlier
session arrived, DNSBL results for the earlier session would be
added to the score for the later session. This is very unlikely
to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
- Portability: FreeBSD closefrom() was back-ported to FreeBSD 7,
breaking FreeBSD 7.x support retroactively.
- Portability: the SUN compiler had trouble with a pointer expression
of the form ``("text1" "text2") + constant'' so we don't try to
be so clever.
spamass-milter forks, allocates memory and then execs, violating
locking rules. This commit adds a patch from Juergen Hannken-Illjes
that moves the allocation above the fork.
TODO: upstream is recently alive again, after 5 years with no
releases. Push these fixes upstream.
Feature request #SF2964396: Allow SignHeaders, OmitHeaders and
SenderHeaders to be specified as deltas to the default lists.
Feature request #SF3053094: Correct documentation and improve function
of the AuthservID configuration setting. Requested by
Andreas Schulze.
Feature request #SF3060152: Add odkim.replace_header() function.
Feature request #SF3060161: Add odkim.del_header() function.
Feature request #SF3061189: Add new "quarantine" option to all the
various "On-" settings.
Feature request #SF3066104: Add "AnonymousDomains" configuration
option.
Feature request #SF3074290: Add _FFR_ATPS, experimental support for
draft-kucherawy-dkim-atps.
Feature request #SF3076684: Add "VBR-TrustedCertifiersOnly" flag.
Feature request #SF3080604: Add odkim.parse_field() function.
Requested by Todd Lyons.
Feature request #SF3081697: Add "OversignHeaders" configuration
option.
Feature request #SF3085536: Activate _FFR_STATS_I, providing
statistics reporting about use of "i=" in signatures.
Feature request #SF3096630: Add odkim.rbl_check() function.
Feature request #SF3097083: Make SigningTable accessible from Lua.
Feature request #SF3103095: Allow "%" in a KeyTable entry's filename
component as well as the domain name.
Feature request #SF3105480: Improved VBR correctness; don't conduct
VBR checks at all if there are disagreeing "mc" values in
multiple VBR-Info header fields.
Feature request #SF3106132: Allow "%" in a SigningTable's value.
Feature request #SF3109963: Add "MaximumSignaturesToVerify" setting.
Suggested by John Wood.
Feature request #SF3110593: Add compile-time support for GnuTLS as
an alternative to OpenSSL. Suggested by Alessandro Vesely.
Feature request #SF3136772: Sign the VBR-Info header field, if added.
Requested by Frederik Pettai.
Fix bug #SF3134119: With AutoRestart enabled, arrange to relay
SIGUSR1 from the parent to the child rather than terminating.
Reported by Yoshiaki Yanagihara.
Fix bug #SF3141313: Trim whitespace from values in in-core data
sets. Reported by Todd Lyons.
Fix bug #SF3156124: More robust handling of database disconnects.
Also add _FFR_POSTGRESQL_RECONNECT_HACK, which will hopefully
be temporary. Reported by Miha Vrhovnik.
Fix bug #SF3181180: Correct handling of quoted strings containing
parentheses (and the opposite) when parsing
Authentication-Results header fields. Reported by
Mark Martinec.
Fix back-compatibility with very old implementations of milter in MTAs.
Fix case-insensitive matching for domain names when doing signing
selection. Problem noted by John Espiro.
New configuration file options:
- "CaptureUnknownErrors", replacing the FFR of the same name
- "DNSConnect", requesting the resolver use TCP mode
- "KeepAuthResults", suppressing required removal of
Authentication-Results header fields
- "ResolverTracing", adding detailed logging of libar activity
- "StrictHeaders", requesing libopendkim to assert header
field counts according to the standards
- "UnboundConfigFile", passing a configuration file name to
libunbound (suggested by Andreas Schulze)
- "VBR-PurgeFields", removing "X-VBR-*" fields after using them
Trim whitespace from the end of all values in a config file, not just
strings. Problem noted by Reuben Farrelly.
Assume a default location for opendkim.conf. Suggested by Andreas
Schulze.
Don't needlessly demand milter features, causing aborts when they're
not available. Problem noted by Todd Lyons.
Make odkim.get_clienthost(), odkim.get_clientip() and
odkim.get_fromdomain() available in the final script.
When "SyslogSuccess" is active, log the selector and domain used.
Suggested by Miha Vrhovnik.
LIBAR: Feature request #SF3115073: Add flag for fine-grained activity
logging for debugging purposes.
LIBAR: Add support for using poll() instead of socket().
LIBOPENDKIM: Feature request #SF3087029: Add DKIM_LIBFLAGS_STRICTHDRS.
LIBOPENDKIM: Feature request #SF3089990: Add dkim_sig_getsignedhdrs().
LIBOPENDKIM: Fix bug #SF3079094: Have dkim_diffheaders() take
canonicalization into account when generating its results
to avoid false positives.
LIBOPENDKIM: Fix bug #SF3184670: Add error codes for missing and empty
"v=" tags, thus avoiding a possible assertion failure when
DKIM_LIBFLAGS_BADSIGHANDLES is in use. Reported by J. Coloos.
LIBOPENDKIM: Fix up handling of multi-TXT DNS replies inside
dkim_get_policy_dns().
LIBOPENDKIM: Add dkim_getid().
LIBOPENDKIM: Treat no answers as an NXDOMAIN with respect to
retrieving ADSP records.
LIBOPENDKIM: When an unexpected DNS type or class is received,
log the received values.
LIBVBR: Feature request #SF3105477: Copy the generic DNS work from
libopendkim.
STATS: Feature request #SF3085536: Activate _FFR_STATS_I, providing
statistics reporting about use of "i=" in signatures.
STATS: Feature request #SF3125701: Add "s=" key value tracking.
STATS: Feature request #SF3137445: Track key sizes. Suggested by
Todd Lyons.
MILTERTEST: When asserting negotiation state, don't forget to capture
what was negotiated.
TOOLS: Feature request #SF3106876: Amend opendkim-testkey to return
the DNSSEC results as well.
TOOLS: Fix bug #SF3143922: Command line parameters to opendkim-testkey
now override their configuration file counterparts.
TOOLS: Experimental new "opendkim-spam" tool to let users update a
stats database to indicate a message is spam, for possible
later correlation use.
BUILD: opendkim-genzone needs LIBCRYPTO_LDFLAGS. Reported by
John Smith.
Activate _FFR_CAPTURE_UNKNOWN_ERRORS.
* dotlock_use_excl setting's default was accidentally "no" in all
v2.0.x releases, instead of "yes" as in v1.1 and v1.2. Changed it
back to "yes".
- v2.0.10: LDAP support was broken
- v2.0.10: dsyncing to remote often hanged (timed out in 15 mins)
Chamges 2.0.10:
* LMTP: For user+detail at domain deliveries, the +detail is again written
to Delivered-To: header.
* Skip auth penalty checks from IPs in login_trusted_networks.
+ Added import_environment setting.
+ Added submission_host setting to send mails via SMTP instead of
via sendmail binary.
+ Added doveadm acl get/set/delete commands for ACL manipulation,
similar to how IMAP ACL extension works.
+ Added doveadm acl debug command to help debug and fix problems
with why shared mailboxes aren't working as expected.
- IMAP: Fixed hangs with COMPRESS extension
- IMAP: Fixed a hang when trying to COPY to a nonexistent mailbox.
- IMAP: Fixed hang/crash with SEARCHRES + pipelining $.
- IMAP: Fixed assert-crash if IDLE+DONE is sent in same TCP packet.
- LMTP: Fixed sending multiple messages in a session.
- doveadm: Fixed giving parameters to mail commands.
- doveadm import: Settings weren't correctly used for the
import storage.
- dsync: Fixed somewhat random failures with saving messages to
remote dsync.
- v2.0.9: Config reload didn't notify running processes with
shutdown_clients=no, so they could have kept serving new clients
with old settings.
* nearly 10 years forgotten to replace @x11prefix@ with @PREFIX@ in patch-at.
and no need to restrict to BSDs only in pkgsrc.
* regen patches with recent mkpatches(1).
* use SUBST to replace PREFIX.
* add user-destdir installation.
Bump PKGREVISION.
Mail::SPF is an object-oriented Perl implementation of the Sender Policy
Framework (SPF) e-mail sender authentication system.
See <http://www.openspf.org> for more information about SPF.
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.
The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.
Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).
Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).
Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.
Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.
This update was tested by Takahiro Kambe.
Fix bug #SF2903325: Clean up numerous signed vs. unsigned warnings.
Fix bug #SF3095782: When VBR is enabled, only perform a query when
the "md" domain in the VBR-Info header field matches the
"d" field for any valid signature.
Fix bug #SF3105993: Better handling of missing records in Lua DB
lookups.
When reading keys, ensure what's being read is a regular file and
not something else.
Complain if TrustAnchorFile names something that can't be opened
for reading.
LIBOPENDKIM: Don't complain about multiple records returned if one
of them was an RRSIG.
LIBAR: Rework some I/O logic to avoid a deadlock when the nameserver
becomes unresponsive during response processing.
BUILD: Move all scripts and executables except opendkim to a bin
directory for adminstrator convenience. They were previously in
the sbin directory.
BUILD: Fix bug #SF3101842: Fix opendkim-genzone build when OpenDBX
is in use.
BUILD: opendkim-testkey can require SASL build information when used
with OpenLDAP, or Lua information when built with Lua.
BUILD: Dissociate libopendkim and libunbound, as this is now handled
through the application rather than the library.
BUILD: Convert to using git for source code management.
STATS: Additional reporting improvements.
STATS: Fix bug #SF3107659: Add additional diagnostic output to
opendkim-importstats when malformed input is found.
TOOLS: Handle input generated with and without the _FFR_STATS_I
extensions.
2.2.1 2010/10/25
Avoid assertion failures when using "-V" and arlib.
Fix "refile" loading.
Fix collision between "ReputationRoot" and "StatisticsName" in the
configuration file.
Convert sender's domain name to lowercase prior to doing any database
queries with it. This was done before, but lost during the
database overhaul in 1.2.0.
Fix up Authentication-Results header field generation for VBR.
Reported by Fredrik Pettai.
Add _FFR_STATS_I enabling statistics reporting of "i=" signature
properties.
LIBOPENDKIM: Fix bug #SF3081964: dkim.h requires <sys/time.h>.
LIBOPENDKIM: Fix bug #SF3087251: Use thread-safe resolver functions
when avaialble.
LIBOPENDKIM: Cancel completed reputation queries.
LIBOPENDKIM: Simplify DKIM_OPTS_ALWAYSHDRS handling.
LIBAR: Fix bug #SF3080720: Don't compute timeouts based on completed
or dead queries.
LIBVBR: Fix some pointer errors causing false negatives.
TOOLS: Write "v=" tags in key records output by opendkim-genzone.
2.2.0 2010/10/03
Feature request #SF2874043: Add _FFR_ADSP_LISTS allowing control over
action taken when mail is sent to known lists from
ADSP "discardable" sources.
Feature request #SF2964366: Allow arbitrary data set operations
from inside Lua script hooks.
Feature request #SF2981598: Add "NoHeaderB" and "SingleAuthResult"
settings so that only one Authentication-Results header field
is added, and reduce its variability.
Feature request #SF3013084: Add "DomainKeysCompat" setting.
Feature request #SF3017358: Allow a token in the KeyTable that gets
replaced with the sender's domain name.
Feature request #SF3019876: Enable registration and use of generic
DNS functions.
Feature request #SF3021566: Change "ADSPDiscard" to "ADSPAction",
allowing selection of what action to take when a message is
determined by ADSP to be "discardable".
Feature request #SF3023232: Allow selection of a signer (for the
signature's "i=" tag) when calling odkim.sign() or via an
optional second parameter in the SigningTable.
Feature request #SF3024854: Always log a warning if a key file
has unsafe group/other read/write bits set. Further, if the
new "RequireSafeKeys" setting is true, refuse to use the data.
Feature request #SF3030548: Add _FFR_DEFAULT_SENDER, adding the
"DefaultSender" setting.
Feature request #SF3049483: Use ReportAddress for ADSP Reports and for
the sender envelope address.
Feature request #SF3056571: Extend signer selection in the SigningTable
to include a token that will be replaced by the From:
domain.
Feature request #SF3062077: Allow the specification of additional
recipients when delivering DKIM/ADSP failure reports through
a new ReportBccAddress configuration option.
Fix bug #SF3004995: Don't apply "SenderHeaders" to the library
as that impacts how ADSP works.
Fix bug #SF3025856: Fix "AllowSHA1Only", which was not working at all.
Fix bug #SF3037504: Rework database schema and tools to meet revised
reporting requirements.
Fix bug #SF3051536: Allow disabling of reputation queries.
Fix bug #SF3058204: Fix numerous possible double-free() incidents in
dkimf_config_free().
Fix PeerList to work with IPv6 addresses.
Fix loop boundary check in dkimf_db_close().
Fix assertion failure in dkimf_db_get() when used with a "match both"
operation.
Fix "LocalADSP", which was not working at all.
Fix some Lua test mode logic and a build issue that prevented
"ScreenPolicyScript" from working.
Added MTACommand for overriding default (mainly for testing).
Ignore "Domain" and "Selector" settings if "KeyTable" is set.
Add "On-PolicyError" to configuration tables.
Don't automatically temp-fail messages bearing signatures that
reference revoked keys.
Some fixes to the "final" Lua script self-test code.
Include libmilter version in "-V" output.
Single-thread DB queries done via OpenDBX handles as they can't be
used to do parallel queries.
Attempt to reconnect after SQL disconnections.
Revise text/plain portion of policy reports.
Fix up DSN parsing so that it is not needlessly restrictive.
Add _FFR_STATSEXT: Allows arbitrary local extensions to statistics
gathering via a fourth Lua script that can cause the
generation of additional SQL insertion operations.
LIBOPENDKIM: Feature request #SF3026287: Add dkim_getuser() function.
LIBOPENDKIM: Feature request #SF3065035: Apply library query
configuration to ADSP lookups as well, mainly to support
auotmated testing.
LIBOPENDKIM: Fix bug #SF3071368: Fix tiny memory leak in dkim_init().
LIBOPENDKIM: Fix bug #SF3051762: Don't error out of dkim_get_key()
when in test mode by testing signature-specific features when
against dummy data.
LIBOPENDKIM: Don't build against pthread libraries if not needed.
LIBOPENDKIM: Add dkim_get_signer(), dkim_policy_state_new() and
dkim_policy_state_free().
LIBOPENDKIM: Don't assert a "g=" default when processing keys so that
statistics reporting can tell whether or not it was originally
there.
LIBOPENDKIM: Minor fix to internal state machine when dealing with
unsigned messages.
LIBOPENDKIM: Rename DKIM_PRESULT_AUTHOR to DKIM_PRESULT_FOUND.
LIBOPENDKIM: Improved error reporting from dkim_ohdrs().
LIBOPENDKIM: Improved re-entrancy of dkim_eoh_verify().
LIBOPENDKIM: Undefine DKIM_FEATURE_ASYNC_DNS (obsolete).
MILTERTEST: Feature request #SF3005002: Enable testing of
"unspecified" protocol family connections.
MILTERTEST: Add "-u" option to report resource usage statistics on
completion.
MILTERTEST: Add mt.signal() to allow signaling of filters for things
like configuration file reloads.
MILTERTEST: Enhance mt.connect() to accept optional retry and interval
arguments.
MILTERTEST: Add "-w" option to request no waiting for the child process
to exit and report status.
MILTERTEST: Allow partial seconds argument to mt.sleep().
TOOLS: Feature request #SF3004335: Add support to opendkim-testkey
to get configuration file values and validate an entire
KeyTable.
TOOLS: Update opendkim-genkeys script to support
draft-ietf-marf-dkim-reporting.
TOOLS: Flip logic of "-a" flag to opendkim-stats.
TOOLS: Fix bug #SF3037452: Change owner/group/mode of stats database
when resetting it to whatever the replaced file had.
CONTRIB: Add opendkim-reportstats, contributed by John Wood.
BUILD: Fix --with-db.
Activate _FFR_ZTAGS.
This update release fixes some bugs discovered with the 0.5 stable version and
also improves security by preventing some possible CSRF attacks. IDNA support
has now been improved and some visual glitches in IE and Safari have been
resolved.
== [release-1-6-5] 1.6.5: 2011-01-26
A bug fix release of 1.6.4.
=== milter manager
==== Fixes
* Fixed a bug that "Sendmail Compatible" applicable
condition doesn't set applicable if_addr and id_name
macro value.
[Patch by Kenji Shiono]
* Fixed a crash bug that may be caused SMTP client
disconnection is detected.
[Reported by Kenji Shiono]
=== milter-manager-log-analyzer
==== Improvements
* Supported parsing Authentication-Results added by ENMA.
=== Ruby milter
==== Improvements
* Supported effective user and group change.
=== Thanks
* Kenji Shiono
Changed read_file() to return the number of usable lines read, instead of the
total number of lines (including comments and whitespace).
Fixed a huge thinko in many calls to read_file() -- when the function returns
0, the returned value is NULL. This was causing spamdyke to crash when no
content was read from files by "dns-blacklist-file", "dns-whitelist-file",
"rhs-blacklist-file", "rhs-whitelist-file" and "hostname-file". Thanks
to David Stiller for reporting this one and providing a lot of help in
tracking it down.
Added the option "tls-cipher-list" for specifying the list of ciphers to use
in SSL/TLS connections. This won't be an option many people will ever use,
but in specific setups it is required. Thanks to Chris Boulton for
suggesting this one and producing a patch to implement it.
Added a new value to "tls-level": "smtp-no-passthrough" to allow spamdyke to
offer TLS but prevent it from passing TLS through to qmail if the SSL
library cannot be initialized for some reason.
Fixed a bug in smtp_filter that allowed open relaying when spamdyke was
configured with "local-domains-entry" instead of "local-domains-file".
Moved code from do_spamdyke() that set stdin and stdout sockets to
non-blocking into tls_read() and tls_write() instead. Setting the sockets
to non-blocking through the entire run was causing some strange behavior
where logging would stop after a series of large inputs.
Refactored the address parser (yet again) to fix a bug that wasn't handling
routing addresses properly. Thanks to Chris Boulton for reporting this one.
Fixed process_config_file() to not reset a "multiple" value to default if it
was deliberately cleared during configuration.
Fixed prepare_settings() to initialize all default values before processing
the command line or configuration files so a "multiple" value can be cleared
during configuration.
Fixed configure.ac to use a gcc #pragma command to treat format warnings as
errors instead of relying on AC_LANG_WERROR (which doesn't always work).
Added the options "dns-query-type-a", "dns-query-type-mx",
"dns-query-type-ptr" and "dns-query-type-rbl" to limit the types of DNS
queries that can be sent for different purposes. Thanks to Teodor Milkov
for suggesting this one.
Fixed a bug that caused a timeout whenever a post-RCPT filter is triggered
on a non-local address. spamdyke is supposed to close the connection to
qmail and wait for its exit, but instead was just waiting for its exit,
leading to unnecessary timeouts. Thanks to Ulrich C. Manns for reporting
this one.
Fixed a typo in policy.php.example. Thanks to Richard Lamse for reporting
this one.
Fixed compiler warnings on Fedora 11. Thanks to Ertan Orhan for reporting
this one.
Fixed a bug in sendrecv where an uninitialized variable was causing erroneous
stalls and timeouts in CentOS 5.5.
Changelog:
Version 1.4.23:
- Fix SCRAM-SHA-1 authentication via libgsasl. Reported and analyzed by
Steffen Lehmann for mpop.
Version 1.4.22:
- Update gnulib to 2010-12-23.
- Avoid different account selection behaviour in --pretend mode, and print more
informational messages about account selection in --pretend and --debug mode.
Suggested by Adam Spiers.
- Add a new passwordeval command and --passwordeval option, to set the password
from the output of a command. Written by Martin Stenberg.
- A few documentation improvements, suggested by Andries E. Brouwer.
default in mk/defaults/mk.conf
remove the non-shared defaults and put in the setting that actually gets
used by more than one package (namely, MAJORDOMO_HOMEDIR)
don't make the majordom user own more than it actually needs to
make resend, archive, request-answer and medit honor the MAJORDOMO_CF
environment variable over the command line option, so that someone calling
these via the wrapper (which sets the environment variable) can't make
the majordom user execute random perl code by specifying it as config file.
Thanks to salo for finding this issue.
== Wed 26 Jan 2011 02:23:09 UTC Mikel Lindsaar <mikel@rubyx.com>
* Update addresses passed into sendmail to escape them (Andy Lindeman)
* Version bump to 2.2.15 and gem release
2.70 (2010-12-21)
* Improved handling of given feed email addresses to prevent mail
servers rejecting poorly formed Froms
* Added X-RSS-TAGS header that lists any tags provided by an entry,
which will be helpful in filtering incoming messages
2.69 (2010-11-12)
* Added support for connecting to SMTP server via SSL, see SMTP_SSL option
* Improved backwards compatibility by fixing issue with listing
feeds when run with older Python versions
* Added selective feed email overrides through OVERRIDE_EMAIL and
DEFAULT_EMAIL options
* Added NO_FRIENDLY_NAME to from from address only without the friendly name
* Added X-RSS-URL header in each message with the link to the original item
2.68 (2010-10-01)
* Added ability to pause/resume checking of individual feeds through
pause and unpause commands
* Added ability to import and export OPML feed lists through
importopml and exportopml commands
2.67 (2010-09-21)
* Fixed entries that include an id which is blank (i.e., an empty
string) were being resent
* Fixed some entries not being sent by email because they had bad From headers
* Fixed From headers with HTML entities encoded twice
* Compatibility changes to support most recent development versions
of feedparser
* Compatibility changes to support Google Reader feeds
2.66 (2009-12-21)
* Complete packaging of all necessary source files (rss2email,
html2text, feedparser, r2e, etc.) into one bundle
* Included a more complete config.py with all options
* Default to HTML mail and CSS results
* Added 'reset' command to erase history of already seen entries
* Changed project email and homepage
* Made exception and error output text more useful
* Added X-RSS-Feed and X-RSS-ID headers to each email for easier filtering
* Improved enclosure handling
* Fixed MacOS compatibility issues
== [release-1-6-4] 1.6.4: 2011-01-21
A bug fix release of 1.6.3.
=== milter-client
==== Fixes
* Used event loop usage as before when event loop backend
is GLib.
== [release-1-6-3] 1.6.3: 2011-01-20
A performance improvement release. This release includes
a few performance improvement features but they are marked
'experimental'. They will be 'stable' feature in 1.8.0.
=== milter manager
==== Improvements
* Upgraded bundled Ruby/GLib2 to 0.90.5 from 0.19.4.
* Supported Ruby 1.9.2.
* Added
((<manager.fallback_status|configuration.rd.ja#manager.fallback_status>))
that specifies a status returned to SMTP server on
internal error.
* Added
((<manager.fallback_status_at_disconnect|configuration.rd.ja#manager.fallback_status_at_disconnect>))
that specifies a status returned to SMTP server when
disconnection is detected. [Suggested by Kenji Shiono]
* Added DATA event emuration that is enabled when SMTP
server uses milter protocol version 3 or smaller.
* Added
((<manager.event_loop_backend|configuration.rd.ja#manager.event_loop_backend>))
that specifies event loop backend. (experimiental)
* Added
((<manager.n_workers|configuration.rd.ja#manager.n_workers>))
that specifies number of worker processes. (experimental)
* Added
((<manager.packet_buffer_size|configuration.rd.ja#manager.packet_buffer_sizea>))
that specifies buffer size for send packets. (experimental)
==== Fixes
* Fixed a bug that
((<manager.use_netstat_connection_checker|configuration.rd.ja#manager.use_netstat_connection-checker>))
doesn't work with Postfix 2.3. [Reported by Kenji Shiono]
* Fixed a DATA event timing when some child milters exist.
[Reported by Kenji Shiono]
=== Document
==== Improvements
* Described about Postfix's {client_addr}. [Reported by Kenji Shiono]
=== milter-client
==== Improvements
* Supported multi process. (experimental)
* Supported libev as event loop backend. (experimental)
* Bundled libev 4.03.
* Made write asyncronize.
* Supported send packets buffering. (experimental)
=== milter-server
==== Improvements
* Added more condition checks on evnets.
==== Fixes
* Fixed a bug that timeout detection doesn't work.
[Reported by Kenji Shiono]
=== Ruby milter
==== Improements
* Added ruby-milter.pc.
* Added --packet-buffer-size option that specifies send
packet buffer size. (experimental)
* Added --n-workers option thst specifies number of worker
processes. (epxerimental)
* Added --event-loop-backend option that specifies event
loop backend. (experimental)
=== milter-test-client
==== Improvements
* Added
((<--n-workers|milter-test-client#--n-workers>)) option
that specifies number of worker processes. (experimental)
* Added
((<--event-loop-backend|milter-test-client#--event-loop-backend>))
option that specifies event loop backend. (experimental)
* Added
((<--packet-buffer-size|milter-test-client#--packet-buffer-size>))
option that specifies send packets buffer size. (experimental)
=== milter-performance-check
==== Improvements
* Added
((<--n-additional-lines|milter-performance-check#--n-additional-lines>))
option that grows body size.
* Added
((<--report-failure-responses|milter-performance-check#--report-failure-responses>))
option that enables failure SMTP sesseion response
report on the last.
* Added
((<--report-periodically|milter-performance-check#--report-periodically>))
option that enables periodical statistics report.
* Added
((<--flood|milter-performance-check#--flood>))
option that enables flood mood that sends flood of mails
in specified period.
=== milter-report-statistics
==== Improvements
* Added: ((<milter-report-statistics.rd.ja>))
=== Packet
* Updated package repository RPM for CentOS: 1.0.0-0 -> 1.0.0-1.
=== Thanks
* Kenji Shiono
* Failure to get a lock on a hints database can have serious
consequences so log it to the panic log.
* Log LMTP confirmation messages in the same way as SMTP,
controlled using the smtp_confirmation log selector.
* Include the error message when we fail to unlink a spool file.
* Bugzilla 139: Support dynamically loaded lookups as modules.
* Bugzilla 139: Documentation and portability issues.
Avoid GNU Makefile-isms, let Exim continue to build on BSD.
Handle per-OS dynamic-module compilation flags.
* Let /dev/null have normal permissions.
The 4.73 fixes were a little too stringent and complained about the
permissions on /dev/null. Exempt it from some checks.
* Report version information for many libraries, including
Exim version information for dynamically loaded libraries. Created
version.h, now support a version extension string for distributors
who patch heavily. Dynamic module ABI change.
* CVE-2011-0017 - check return value of setuid/setgid. This is a
privilege escalation vulnerability whereby the Exim run-time user
can cause root to append content of the attacker's choosing to
arbitrary files.
* Bugzilla 1041: merged DCC maintainer's fixes for return code.
* Bugzilla 1071: fix delivery logging with untrusted macros.
If dropping privileges for untrusted macros, we disabled normal logging
on the basis that it would fail; for the Exim run-time user, this is not
the case, and it resulted in successful deliveries going unlogged.
* Linux: Fixed a high system CPU usage / high context switch count
performance problem
* Maildir: Avoid unnecessarily reading dovecot-uidlist while opening
mailbox.
* Maildir: Fixed renaming child mailboxes when namespace had a prefix.
* mdbox: Don't leave partially written messages to mdbox files when
aborting saving.
* Fixed master user logins when using userdb prefetch
* lda: Fixed a crash when trying to send "out of quota" reply
* lmtp: If delivering duplicate messages to same user's INBOX,
create different GUIDs for them. This helps to avoid duplicate
POP3 UIDLs when pop3_uidl_format=%g.
* virtual storage: Fixed saving multiple mails in a transaction
(e.g. copy multiple messages).
* dsync: Saved messages' save-date was set to 1970-01-01.
- Fix double-login/session issue
- Wrap HTML parts with <html><body> and add Doctype declaration
- Make rcube_autoload silently skip unknown classes
- Fix charset detection in vcards with encoded values
- Better CSS cursors for splitters
- Show the same message only once
- Fix namespaces handling
- Add handling of multifolder METADATA/ANNOTATION responses
- Fix handling of INBOX when personal namespace prefix is non-empty
- Fix handling square brackets in links
- Add description of 'use_https' option in main.inc.php.dist file
* Date: & Message-Id: revert to normally being appended to a message,
only prepend for the Resent-* case. Fixes regression introduced in
Exim 4.70 by NM/22 for Bugzilla 607.
* Include check_rfc2047_length in configure.default because we're seeing
increasing numbers of administrators be bitten by this.
* Added DISABLE_DKIM and comment to src/EDITME
* Bugzilla 994: added openssl_options main configuration option.
* Bugzilla 995: provide better SSL diagnostics on failed reads.
* Bugzilla 834: provide a permit_coredump option for pipe transports.
* Adjust NTLM authentication to handle SASL Initial Response.
* If TLS negotiated an anonymous cipher, we could end up with SSL but
without a peer certificate, leading to a segfault because of an
assumption that peers always have certificates. Be a little more paranoid.
* Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
NB: ClamAV planning to remove STREAM in "middle of 2010".
CL also introduces -bmalware, various -d+acl logging additions and
more caution in buffer sizes.
* Implemented reverse_ip expansion operator.
* Bugzilla 937: provide a "debug" ACL control.
* Bugzilla 922: Documentation dusting, patch provided by John Horne.
* Bugzilla 973: Implement --version.
* Bugzilla 752: Refuse to build/run if Exim user is root/0.
* Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
* Bugzilla 816: support multiple condition rules on Routers.
* Add bool_lax{} expansion operator and use that for combining multiple
condition rules, instead of bool{}. Make both bool{} and bool_lax{}
ignore trailing whitespace.
* prevent non-panic DKIM error from being sent to paniclog
* added tcp_wrappers_daemon_name to allow host entries other than
"exim" to be used
* Fix malware regression for cmdline scanner introduced in PP/08.
Notification from Dr Andrew Aitchison.
* Change ClamAV response parsing to be more robust and to handle ClamAV's
ExtendedDetectionInfo response format.
* OpenSSL 1.0.0a compatibility const-ness change, should be backwards
compatible.
Problems fixed:
#32080 Specially crafted <base href> can lead to XSS exploit
#32032 TextEncode related resource information not saved correctly in db file
#32014 CVE-2010-1677: DoS when processing html messages with deep tag nesting
#32013 CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)
#26577 Changed semantic for unpack breaks UTF-8
#25486 Resource FieldStore causes .mhonarc.db to grow over bounds.
#25225 dir_create() fails to make temporary directories (PATCH)
#24247 iso2022jp.pl: unneeded ESC ( B remains in message body
#23198 Incorrect Setting Installation Directory
#20142 strip backslash in rfc822 From: field
#20074 extra space in subject
#18908 X-Subject data get split in separate lines
#18113 inconsistant thread slices w/ poor man's windowing
#17904 FieldOrder affects AddressModifyCode
#17860 incorrect nested HTML Tags for references
#17660 Threaded index resource ordering doesn't allow well formed XML output
#15433 relative attachmentdir is relative to current working dir, not outdir
#14747 major (10X) memory savings possible in some situations
#13853 creation of archive with attachments writes over symlinks
alternative from mk/jpeg.buildlink3.mk
This allows selection of an alternative jpeg library (namely the x86 MMX,
SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and
follows the current standard model for alternatives (fam, motif, fuse etc).
The mechanical edits were applied via the following script:
#!/bin/sh
for d in */*; do
[ -d "$d" ] || continue
for i in "$d/"Makefile* "$d/"*.mk; do
case "$i" in *.orig|*"*"*) continue;; esac
out="$d/x"
sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
-e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
< "$i" > "$out"
if cmp -s "$i" "$out"; then
rm -f "$out"
else
echo "Edited $i"
mv -f "$i" "$i.orig" && mv "$out" "$i"
fi
done
done
1.5.5 2010-12-02 03:45 UTC
Changelog:
Minor Bug fix release.
#17959 - Boundaries ending with non-word characters - patch by Alex Adriaanese
------ - ignore whitespace and trailing cr/lf in last section of split
------ - correct spacing on multi-line headers. now only striped for encoded data. (on previous line)
Changes to the Cyrus IMAP Server since 2.4.5
* Fixed Bug #3370 - corruption on OpenBSD and other systems without a
reliable mmap
* Fixed Bug #3360 - race condition which could lose seen data on XFER
with upgrade
* Lots of documentation updates
* Fixed Bug #3355 - added an option to suppress items from the
capability response (and bug #3356 when the first attempt was
buggy)
* Fixed Bug #3357 - crash when calling ctl_mboxlist on mailboxes with
annotations
* Fixed Bug #3369 - crash when undumping mailbox during XFER
* Fixed Bug #3361 - shared folders not listing in LSUB "" % - only
with unixheirsep and altnamespace
* Fixed Bug #3362 - "too many open files" when doing XFER of a user
with too many sub mailboxes. Makes XFER less "atomic", but now it
works, which is good!
* Fixed Bug #3313 - md5 library usage. Properly this time!
- Several fixes to improve performance, stability and security
- Several fixes to improve handling of large folder files stored locally.
- Several fixes to improve corruption in local copy of IMAP mailboxes.
- MFSA 2010-78 Add support for OTS font sanitizer
- MFSA 2010-75 Buffer overflow while line breaking after document.write
with long string
- MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
* LDA Sieve plugin: started using Dovecot LDA reject API for the
reject extension. This means that the LDA reject_reason and
reject_subject settings now also work for Pigeonhole's LDA Sieve
plugin.
* Did some work on the new sieve-filter tool. It is mostly
functional, but it is not finished yet.
* Dovecot change: services' default vsz_limits weren't being enforced
correctly in earlier v2.0 releases. Now that they are enforced, you
might notice that the default limits are too low and you need to
increase them. This problem will show up in logs as "out of memory"
errors. See default_vsz_limit and service { vsz_limit } settings.
- Imap4flags: fixed segfault bug occurring in multiscript context.
- Added version checking to the ManageSieve settings plugin. This
plugin was forgotten when the LDA plugin was updated with this
change in the previous release.
- LDA Sieve plugin: fixed memory leak at deinitialization.
* Services' default vsz_limits weren't being enforced correctly in
earlier v2.0 releases. Now that they are enforced, you might notice
that the default limits are too low and you need to increase them.
This problem will show up in logs as "out of memory" errors.
See default_vsz_limit and service { vsz_limit } settings.
* LMTP: In earlier versions if mail was delivered to user+detail@domain
address, LMTP server always attempted to deliver the mail to mailbox
named "detail". This was rather unintentional and shouldn't have been
the default. lmtp_save_to_detail_mailbox=yes setting now preserves
this behavior (default is no).
+ Added systemd support (configure --with-systemdsystemunitdir).
Based on patch by Christophe Fergeau.
+ Replaced broken mbox-snarf plugin with a new more generic snarf
plugin.
- dbox: Fixes to handling external mail attachments
- verbose_proctitle=yes didn't work for all processes in v2.0.7
- imap, pop3: When service { client_count } was larger than 1, the
log messages didn't use the correct prefix. Last logged in user's
prefix was always used, regardless of what user's session actually
logged it. Now the proper log prefix is always used.
- MySQL: Only the first specified host was ever used
version 2.07: Fri Oct 1 12:39:43 CEST 2010
Improvements:
- update README: MailTools 2.* require 5.8.1
rt.cpan.org#61753 [Alexandre Bouillot]
- add "MAIL FROM" to Mail::Mailer::smtp, to be able to
communicate with Comcast [David Myers]
* libclamav/pdf.c: fix crashes
* libclamav/pe_icons.c: off by one while
* libclamav: fix detection of embedded executables
* libclamav/matcher-ac.c: fix offset handling for sigs with {x-y} wildcards
* freshclam/manager.c: fix error path infinite loop
* clamd/clamd.c: fix RLIMIT_DATA setting on BSD
* freshclam: improve mirror management
* libclamav: fix possible use of uninitialized values
* libclamav: Set the unreliability flag on (un)packed files
* libclamav/c++: Update embedded copy of LLVM to version 2.8
* freshclam: make query format backward compatible
* freshclam: get detection stats directly from clamd
* libclamav/cache.c,c++/bytecode2llvm.cpp}: make cl_load thread safe
* freshclam: load database in subprocess
* clamd: add new commands DETSTATS and DETSTATSCLEAR
* libclamav/7z.c: fix file descriptor leak
* clamd, libclamavll: add ability to logg messages from libclamav
* libclamav/builtin_bytecodes.h: Don't disable JIT on pentium4
Changes to the Cyrus IMAP Server since 2.4.4
* Tidy up of the git version number added to the ID response
* Fixed incorrect time field in date searches (Bug #3339) - thanks Greg Banks
for noticing this one
* Fixed reconstruct crash and other potential issues (Bug #3353) - first
reported Paul Dekkers
* Fixed ACL passing for rename/delete on murder backends (Bug #3342) - first
reported by Robert Spellman
* Fixed corruption of long (>1024 byte) seen records on replica (Bug #3344) -
found at FastMail by Bron Gondwana
* Made all perl utilities use /usr/bin/perl in the #! line (Bug #2275) -
reported by Yann Rouillard over 5 years ago!
* Fixed crash on message with incomplete final boundary (Bug #3345) - found
at FastMail by Bron Gondwana
* Regression: sync_crc was being set to 00000000 on repack - introduced in
2.4.4 (Bug #3347) - first found at FastMail, but also seen at multiple
other sites
* Always print [CLOSED] response when selecting a new mailbox, even if a
CONDSTORE enabling command has not been sent (Bug #3352) - reported by Jan
Kundra't, author of the Trojita IMAP client
* Fixed crash with reconstruct -rf and missing mailboxes.db entries (Bug #
3351) - reported by Giles Malet
* Made sync_server report errors earlier if there are extra records on the
master which aren't present on the replica (Bug #3355) - thanks to David
Carter for finding it and a first pass at a fix
* Stopped expunges to never-reported-messages being showed (basically if the
'EXPUNGE' command was run, and it expunged a message that the client had
never even seen - seriously rare race condition, Bug #3356) - discovered by
Bron Gondwana hammering a testbed with Dovecot's imaptest tool
* Fixed compile with old PCRE (Bug #3358) - found and fixed by Simon Matter
* Fixed missing quota usage after XFER (Buf #3349) - found by Dave McMurtrie
changes:
-Enable building with GTK+ 2.22
-QuickSearch can now be run from the command line
-Added a hidden option to set a margin in the text area of the
Compose window
-updated manual and man page
-bugfixes
-translation updates
pkgsrc change: reset MAINTAINER -- he doesn't use the program anymore
- Postfix no longer automatically appends the system default CA
(certificate authority) certificates, when it reads the CA
certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party
certificates from getting mail relay permission with the
permit_tls_all_clientcerts feature. Unfortunately, this change
may cause compatibility problems with configurations that rely
on certificate verification for other purposes. To get the old
behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
When pipe-to-command delivery fails with a signal, mail is now
correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
connections was fixed by adapting the output buffer size to the MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
to non-domain forms such as network addresses. This would cause
false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
hang up the connection after Milter error. Instead, the server
delivered a "503 Access denied" response and left the connection
open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
that have no effect on message delivery (warn, replace, prepend,
ignore, dunno, and ok).
== [release-1-6-2] 1.6.2: 2010-11-23
A bug fix release of 1.6.1.
=== milter manager
==== Improvements
* Made PID file directory prepareing process in init
script on Debian robust.
[Reported by Kenji Shiono]
* Used gint64 for time_t.
[Suggested by OBATA Akio]
==== Fixes
* Fixed missing temporary file close.
[Reported by Kenji Shiono]
=== milter manager admin
==== Improvements
* Documented required sqlite3-ruby version on CentOS.
[Reported by Kenji Shiono]
=== Ruby milter
==== Improvements
* Made milter-tarpit.rb, a sample milter, asynchronous.
[Reported by Kenji Shiono]
* Provided all milter API.
==== Fixes
* Fixed a typo in command line option.
[Reported by Kenji Shiono]
- imap: Fixed SELECT QRESYNC not to crash on mailbox close if a lot
of changes were being sent.
- pop3: Fixed a potential hang
- mbox: Creating new mailboxes should base permissions on mail root
dir, not always use 0600.
- auth: Disable auth caching entirely for master users.
Changes to the Cyrus IMAP Server since 2.4.3
* Rewrite index_upgrade to always parse the message files and
re-create cyrus.cache, to avoid upgrade upgrade failures where
cache errors occured.
* Fixed sync_reset handling of user deletions
* Fixed proc file handling of LOGIN and folder unselect
* use cyrus.expunge file (if still present) to delete bogus records
from a failed index upgrade (cause by bugs in earlier version)
* detect version 2.5 in XFER to support use with master git branch in
a murder
* made pop3 expunge much more efficient
* handle missing seen file in XFER
* Fix procmail vacation rule if no dates are set
* Fix filtering only unseen message if rule should filter all messages in
IMAP driver
Changes 1.2.4:
* Correctly escape addresses in procmail driver
* Fix procmail scripts when using composite headers
* Support some non-standard Date: headers in Sieve vacation rules
* Support composite header rules with IMAP backends
* Fix unconditional debug output with Net_Sieve earlier than 1.2.0
* Add Sieve configuration to use UTF-8 encoded folder names (for Dovecot)
Changes 1.2.3:
* Log Sieve communication with DEBUG log level.
* Fix Oracle SQL scripts.
* Add Croatian translation
* Add PostgreSQL-specific upgrade script
* Fix procmail vacation rule
* Prevent deadlock with vacation rule in maildrop driver
* Fix error if user's account only contains an INBOX
Changes 4.3.8:
* SECURITY: Properly escape user input in Fetchmail configuration.
* Fix updating POP3 indices when using mailbox caching
* Include "anyone" user when listing users in the ACL screen
* Turn DNS prefetching off when displaying untrusted message content
Changes 4.3.7:
* Fix spellcheck-on-send when using fckeditor and no errors exist
* Fix authenticate API call and synchronization when using realms
* Optimize folder tree initialization
* Add command line fetchmail script
* Workaround broken PHP number formatting with some locales
* gpglib/configure.in: Use "gpg2" if "gpg" is not found.
* sqwebmail.spec.in: Use gnugp2 as a requirement if gnupg is not
installed. Replace vixie-cron with cronie as a listed req.
(macro changes, need to recompile package using it)
Bump BUILDLINK_ABI_DEPENDS and bump PKGREVISION of two packages using it
(other packages depending on Ruby/GLib2 are part of Ruby/Gnome2 and
already depending on the version).
* master: default_process_limit wasn't actually used anywhere,
rather the default was unlimited. Now that it is enforced, you might
notice that the default limit is too low and you need to increase it.
Dovecot logs a warning when this happens.
* mail-log plugin: Log mailbox name as virtual name rather than
physical name (e.g. namespace prefix is included in the name)
+ doveadm dump: Added imapzlib type to uncompress IMAP's
COMPRESS DEFLATE I/O traffic (e.g. from rawlog).
- IMAP: Fixed LIST-STATUS when listing subscriptions with
subscriptions=no namespaces.
- IMAP: Fixed SELECT QRESYNC not to crash on mailbox close if a lot of
changes were being sent.
- quota: Don't count virtual mailboxes in quota
- doveadm expunge didn't always actually do the physical expunging
- Fixed some index reading optimizations introduced by v2.0.5.
- LMTP proxying fixes
dovecot-sieve option (managesieve support is now included with sieve).
Create additional "dovenull" user for login processes. Add MESSAGE
with upgrade notes. Grab maintainership.
Major changes since 1.2:
* Dovecot uses two system users for internal purposes now by default:
dovenull and dovecot. You need to create the dovenull user or change
default_login_user setting.
* Global ACLs are now looked up using namespace prefixes. For example
if you previously had INBOX. namespace prefix and a global ACL for
"INBOX.Sent", it's now looked up from "INBOX.Sent" file instead of
"Sent" as before.
* Maildir: File permissions are no longer based on dovecot-shared file,
but the mailbox directory.
+ Redesigned master process. It's now more modular and there is less
code running as root.
+ Configuration supports now per-local/remote ip/network settings.
+ dsync utility does a two-way mailbox synchronization.
+ LMTP server and proxying.
+ Added mdbox (multi-dbox) mail storage backend.
+ doveadm utility can be used to do all kinds of administration
functions. Old dovecotpw and *view utilities now exist in its
subcommands.
+ imap and pop3 processes can now handle multiple connections.
+ IMAP: COMPRESS=DEFLATE is supported by imap_zlib plugin
+ director service helps NFS installations to redirect users always
to same server to avoid corruption
Changes to the Cyrus IMAP Server since 2.4.2
* Many fixes to replication edge case handling
* Added missing flags to reconstruct
* Replicate DELETED.user folders in sync_client -u (matches XFER
behaviour now)
* Make sync_client only connect after forking in rolling mode. Fixes
two things - ssl crashes due to shared resource conflicts, and also
means master will start up even if the replica is not contactable
* Fixed crash on cyr_expire and ipurge annotation based expiry
* Many XFER fixes for compatibility across versions:
* allowing XFER in from delayed_expunge mailboxes
* allowing XFER back all the way to Cyrus 2.2.12. This was
accomplished by adding logic that can generate
backwards-compatible older version indexes, and version
detection from the imapd banner.
* correctly fixing seen information for sub-mailboxes on XFER in
* Multi-target replication. Strictly this is a new feature - there
was a broken implementation in 2.4.0, which is how this snuck in to
the bugfix release. It's not super-well documented yet, but it
works by creating a separate log file for each destination
"channel", and then running one sync_client process per channel, so
replication can fall behind on one without affecting replication to
the other.
* Fixed some crashes and errors which occured when upgrading and
opening corrupted mailboxes
* Modified AFS ptloader configure options to allow building on more
modern systems
1.5.21 (2010-09-15):
+ $mail_check_recent controls whether all unread mail or only new mail
since the last mailbox visit will be reported as new
+ %D format expando for $folder_format
! $thorough_search defaults to yes
+ imap-logout-all closes all open IMAP connections
! header/body cache paths are always UTF-8
+ $wrap_headers to control outgoing message's header length
+ all text/* parts can be displayed inline without mailcap
+ send-hooks now run in batch mode; previously only send2-hooks ran.
* mailfilter.c (clrfields): Added the "noquote" option to the filter
screen that sets the donotquote autoreply option.
* rfc822/rfc822.c (rfc822_print_common_nameaddr): Prevent segfault if
address decode fails.
* Fix make check failure when libidn is not available.
* Rebuilt man pages with updated stylesheets.
* gpglib/list.c: Handle GnuPG 2 --with-colons output format changes.
* gpglib/mimegpgfork.c: GnuPG 2 wants --batch when specifying passphrase-fd.
* cone/cursesmessage.C: Strip off trailing CRs from original message
that's being replied or forwarded (shown as trailing ?s on every line
in the reply).
* tcpd/configure.in: Check if explicit linking with libgpg-error is
required.
It adds support for the Sieve language (RFC 5228) and the ManageSieve protocol
(RFC 5804) to the Dovecot Secure IMAP Server.
The Sieve language is used to specify how e-mail needs to be processed. By
writing Sieve scripts, users can customize how messages are delivered, e.g.
whether they are forwarded or stored in special folders. Unwanted messages can
be discarded or rejected, and, when the user is not available, the Sieve
interpreter can send an automated reply. Above all, the Sieve language is meant
to be simple, extensible and system independent. And, unlike most other mail
filtering script languages, it does not allow users to execute arbitrary
programs. This is particularly useful to prevent virtual users from having full
access to the mail store. The intention of the language is to make it impossible
for users to do anything more complex (and dangerous) than write simple mail
filters.
Using the ManageSieve protocol, users can upload their Sieve scripts remotely,
without needing direct filesystem access through FTP or SCP. Additionally,
aManageSieve server always makes sure that uploaded scripts are valid,
preventing compile failures at mail delivery.
This package provides Sieve support as a plugin to Dovecot's Local Delivery
Agent (LDA) and Dovecot's LMTP service. The ManageSieve protocol is provided is
an additional service, next to Dovecot's own POP3 and IMAP services.
written with security primarily in mind. Dovecot is an excellent choice for both
small and large installations. It's fast, simple to set up, requires no special
administration and it uses very little memory.
IMAP (Internet Message Access Protocol) is an Internet standards-track
protocol for accessing messages (mail, bboards, news, etc). The Cyrus
IMAP server differs from other IMAP server implementations in that it
is generally intended to be run on "sealed" servers, where normal users
are not permitted to log in. The mailbox database is stored in parts of
the filesystem that are private to the Cyrus IMAP system. All user
access to mail is through the IMAP, POP3, or KPOP protocols.
and paths being used.
MAJORDOMO_HOMEDIR moves from /home/majordom to $VARBASE/majordomo, unless
overridden by the package builder
MAJORDOMO_CF is now ${PREFIX}/etc/majordomo/majordomo.cf
The Distributed Checksum Clearinghouses or DCC is an anti-spam content filter
that runs on a variety of operating systems. As of the middle of 2007, it
involves millions of users, more than six hundred thousand client computer
systems, and more than 250 servers collecting and counting checksums related to
more than 300 million mail messages on week days. The counts can be used by
SMTP servers and mail user agents to detect and reject or filter spam or
unsolicited bulk mail. DCC servers exchange or "flood" common checksums. The
checksums include values that are constant across common variations in bulk
messages, including "personalizations".
1.4.0 31-July-2010
---------------------------------------------
- Add change notification for collection subscription state changes.
- Enable filesystem payload store by default.
- Fix unicode folder name encoding regression.
1.3.90 04-July-2010
---------------------------------------------
- Reset RIDs on inter-resource moves.
- Optimize disk space usage with internal MySQL.
- Improve error reporting of the Akonadi remote debugging server.
- Fix moving collections into the collection root.
- Report PostgreSQL database errors in english independent of locale settings.
- Fix unicode collection name encoding.
- Optimize cache pruning with filesystem payload store.
- Fix automatic migration between database and filesystem payload store.
1.3.85 09-June-2010
---------------------------------------------
- Avoid unneeded full resource sync when using sync-on-demand cache policies.
- Fix crash when using D-Bus session bus in a secondary thread.
- Reduce emission of unneccessary change notifications.
- Fix empty filename use in fs backend.
1.3.80 27-May-2010
---------------------------------------------
- Fix unicode collection name encoding.
- Support HRID-based FETCH commands.
- Fix Nepomuk-based persistent searches when Nepomuk was not running during
Akonadi startup.
- Fix compilation on Windows CE.
- Optimize item retrieval queries.
- Support modification of existing persistent searches.
- Support different query languages for persistent searches.
- Fix PostgreSQL shutdown.
- Add initial support for Sqlite.
- Fix premature command abortion.
- Fix parsing of cascaded lists.
- Support for mysql_update_db.
- Support for mysql_install_db.
- Improved protocol tracing for akonadiconsole.
- Support MySQL backend on Maemo.
- Allow RID changes only to the owning resource.
- Add Akonadi remote debugging server.
- Add support for marking chaced payloads as invalid.
- Add support for remove revision property.
- Fix MySQL connection loss after 8 hours of inactivity.
- Fix D-Bus race on server startup.
- Fix internal MySQL on Windows.
- Fix config and data file location on Windows.
- Fix PostgreSQL startup when using internal server.
- Refactor database configuration abstraction.
This seems to fix the security problem with '\0' in domain names which
was also present in openssl and nss. (CVE-2010-1192)
(The bundled changelog does only beat around the bush.)
* lib/Mail/DKIM/DkSignature.pm, Signature.pm: avoid calling lc() on
an undefined value (this generates warnings in Perl 5.12.x).
* lib/Mail/DKIM/PrivateKey.pm (load): fix bug where a private key file
named '0' could not be loaded
* lib/Mail/DKIM/DkSignature.pm (new): accept Key parameter when
constructing a DomainKey signature object
* t/external_signer.t: test use of an alternate object for Key
during a "sign" operation
* lib/Mail/DKIM/Signer.pm: document use of an alternate object for
PrivateKey objects
* lib/Mail/DKIM/Signer.pm: import PrivateKey.pm in this module,
rather than in the Algorithm modules
* lib/Mail/DKIM/PrivateKey.pm: document the sign_digest() method
* lib/Mail/DKIM/Algorithm/*: use sign_digest() rather than
sign_sha1_digest()
* t/public_key.t: test that DNS failure reason is given, when
DNS returns no results
* lib/Mail/DKIM/DNS.pm: bugfix (introduced by async_dns branch):
preserve $@ in case of no error
* lib/Mail/DKIM/{DNS,Signature,PublicKey,Policy}.pm: merged my
"async dns" branch
* lib/Mail/DKIM/Policy.pm: new fetch_async method, seems to work
* lib/Mail/DKIM/Signature.pm: new fetch_public_key method,
which starts an asynchronous query for the public key
referenced by this signature; redesign get_public_key to
know how to complete the query
* lib/Mail/DKIM/PublicKey.pm: new fetch_async method: starts a
query and returns a subref that when called will complete the
query
* lib/Mail/DKIM/DNS.pm: new query_async method: starts a query and
returns a subref that when called will complete the query
* MANIFEST: include sample_mime_lite.pl script in tarball
* lib/Mail/DKIM/DNS.pm: restart timer after a DNS lookup
Mail) sender authentication system proposed by the E-mail Signing Technology
Group (ESTG), now standardized by the IETF (RFC4871). It also includes
implementations of the Author Domain Signing Practises (ADSP, RFC5617) and
Vouch By Reference (VBR, RFC5518) proposed standards.
The project started from a code fork of version 2.8.3 of the open source
dkim-milter package developed and maintained by Sendmail, Inc.
Patch submitted by Todd Kover in PR pkg/43974
-> bump pkgrev
- make myself maintainer
- add restriction (majordomos license does not allow redistribution of
modified binaries)
-------------
- Fix handling of backslash as IMAP delimiter
- Fix charset replacement in HTML message bodies (#1487021)
- Fix: contact group input is empty when using rename action more than once on t
he same group record
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
- Fix handling of Thunderbird's vCards (#1487024)
Oked by wiz@
(bugfixes only).
Changelog for Dovecot 1.2.15:
* acl: Fixed the logic of merging multiple ACL entries. Now it works as
documented, while previously it could have done slightly different
things depending on the order of the entries.
For details see http://www.dovecot.org/list/dovecot/2010-October/053452.html
* acl: Don't give admin rights to all owner mailboxes. This was
originally done to make sure that mailbox owner couldn't accidentally
remove their own admin rights. But this is already prevented by
SETACL command, so it's not necessary. Also sysadmin may have
intentionally removed some admin rights from some mailboxes
(especially when using symlinked shared mailboxes).
- Maildir: Fixed potential "Duplicate file entry" in dovecot-uidlist
file errors.
- Maildir: Avoid unnecessary uidlist recreation during mail delivery.
- imap: When SELECT fails, it didn't close the previous mailbox.
- Dovecot master process could have died if it got SIGCHLD signals
very rapidly while it was trying to log. This could have happened
for example if a lot of imap/pop3 sessions disconnected at the exact
same time.
Changelog for Sieve 0.1.18:
- Imap4flags: fixed segfault bug occuring in multiscript context.
Occured in specific situations when a script using imap4flags was
followed in the sequence by scripts not using imap4flags.
- Imap4flags: fixed bug in setflag command; when parameter was a
stringlist, only the last item was actually set.
- Prevented assertion failure due to currupt binary string
representation. If the string were missing a final \0 character an
assertion was produced in stead of a binary corruption error.
- Multiscript: fixed duplicate implicit keep caused by erroneous
execution state update.
- Fixed Sieve script name checking to properly handle length limit
and added 0x00ff as invalid character.
- Removed spurious old stdio.h (top) includes; these caused compile
issues on specific systems.
- Fixed default Sieve capability (as reported by ManageSieve): extra
extensions spamtest, spamtestplus and virustest were enabled by
default. These should, however, only be enabled when properly
configured and there is no default configuration.
- Variables extension: fixed :length set modifier to recognize utf8
characters in stead of octets.
- Fixed unnecessary reporting of dummy extensions in ManageSieve
SIEVE capability; the comparator-i;octet and
comparator-i;ascii-numeric 'extensions' were reported explicitly.
- LDA Sieve plugin: added _version symbol to enable Dovecot's plugin
version check. Without this check, people can forget to recompile
the plugin, which can lead to unexpected effects.
Changelog for ManageSieve 0.11.12:
- Fixed error handling of PUTSCRIPT commmand; save commit errors
would not make the command fail.
- Fixed PUTSCRIPT bug causing it to hang when given an empty script
name.
-------------
- Fix space-stuffing in format=flowed messages (#1487018)
- Fix msgexport.sh now using the new imap wrapper
- Avoid displaying password on shell (#1486947)
- Only lower-case user name if first login attempt failed (#1486393)
- Make alias setting in squirrelmail_usercopy plugin configurable (patch by pomm
i, #1487007)
- Prevent from saving a non-existing skin path in user prefs (#1486936)
- Improve handling of single-part messages with bogus BODYSTRUCTURE (#1486898)
- Fix path to SQL files when using pgsql/mysqli/sqlsrv drivers (#1486902)
- Fix upgrade script for SQLite (#1486903)
- Fixes in SQL init script + added update script for MSSQL database
- Remove redundant date in syslog messages (#1486945)
- Fix contacts list page controls when a group is selected (#1486946)
- Fix SMTP test in Installer (#1486952)
- Fix "Select all" causes message to be opened in folder with exactly one messag
e (#1486913)
- Fix Tab key doesn't work in HTML editor in Google Chrome (#1486925)
- Fix TinyMCE uses zh_CN when zh_TW locale is set (#1486929)
- Fix TinyMCE buttons are hidden in Opera (#1486922)
- Fix JS error on IE when trying to send HTML message with enabled spellchecker
(#1486940)
- Display inline images with known extensions and non-image content-type (#14869
34)
- Fix "Threaded" checkbox after subfolder creation (#1486928)
- Fix timezone string in sent mail (#1486961)
- Show disabled checkboxes for protected folders instead of dots (#1485498)
- Added fieldsets in Identity form, added 'identity_form' hook
- Re-added 'Close' button in upload form (#1486930, #1486823)
- Fix handling of charsets with LATIN-* label
- Fix messages background image handling in some cases (#1486990)
- Fix format=flowed handling (#1486989)
- Fix when IMAP connection fails in 'get' action session shouldn't be destroyed
(#1486995)
- Fix list_cols is not updated after column dragging (#1486999)
- Support %z variable in host configuration options (#1487003)
Oked by wiz@
+ virtual mailboxes: Added support for IDLE notifications.
- master: Don't crash on config reload when using dict processes.
- IMAP: QRESYNC parameters for SELECT weren't handled correctly.
------------------
- Fix disapearing upload form disapears when user selects a file on Safari (#148
6823)
- Don't replace error messages with loading info (#1486300)
- Fix JS errors on compose mode switch (#1486870)
- Fix message structure parsing when it lacks optional fields (#1486881)
- Include all recipients in sendmail log
- Support HTTP_X_FORWARDED_PROTO header for HTTPS detecting (#1486866)
- Fix default IMAP port configuration (#1486864)
- Create Sent folder when starting to compose a new message (#1486802)
- Fix handling of messages with Content-Type: application/* and no filename (#14
84050)
- Improved compose screen: resizable body and attachments list, vertical splitte
r, options menu
- Fix RC forgets search results (#1483883)
- TinyMCE 3.3.7
- Improve parsing of styled empty tags in HTML messages (#1486812)
- Add %dc variable support in base_dn/bind_dn config (#1486779)
- Add button to hide/unhide the preview pane (#1484215)
- Fix no-cache headers on https to prevent content caching by proxies (#1486798)
- Fix attachment filenames broken with TNEF decoder using long filenames (#14867
95)
- Use user's timezone in Date header, not server's timezone (#1486119)
- Add option to set separate footer for HTML messages (#1486660)
- Add real SMTP error description to displayed error messages (#1485927)
- Fix some IMAP errors handling when opening the message (#1485443)
- Fix related parts aren't displayed when got mimetype other than image/* (#1486
432)
- Multiple identity and database support for squirrelmail_usercopy plugin (#1486
517)
- Support dynamic hostname (%d/%n) variables in configuration options (#1485438)
- Add 'messages_list' hook (#1486266)
- Add request* event triggers in http_post/http_request (#1486054)
- Fix use RFC-compliant line-delimiter when saving messages on IMAP (#1486712)
- Add 'imap_timeout' option (#1486760)
- Fix forwarding of messages with winmail attachments
- Fix handling of uuencoded attachments in message body (#1485839)
- Added list_mailboxes hook in rcube_imap::list_unsubscribed() (#1486668)
- Fix wrong message on file upload error (#1486725)
- Add support for data URI scheme [RFC2397] (#1486740)
- Added 'actionbefore', 'actionafter', 'responsebefore', 'responseafter' events
- Fix double-addition of e-mail domain to content ID in HTML images
- Read and send messages with format=flowed (#1484370), fixes word wrapping issu
es (#1486543)
- Fix duplicated attachments when forwarding a message (#1486487)
- Fix message/rfc822 attachments containing only attachments are not parsed prop
erly (#1486743)
- Fix %00 character in winmail.dat attachments names (#1486738)
- Fix handling errors of folder deletion (#1486705)
- Parse untagged CAPABILITY response for LOGIN command (#1486742)
- Renamed all php-cli scripts to use .sh extension
- Some files from /bin + spellchecking actions moved to the new 'utils' task
- Added thread tree icons
- Extend contact groups support (#1486682)
- Fix check-recent action issues and performance (#1486526)
- Fix messages order after checking for recent (#1484664)
- Fix autocomplete shows entries without email (#1486452)
- Fix listupdate event doesn't trigger on search response (#1486708)
- Fix select_all_mode value after selecting a message (#1486720)
- Set focus to editor on reply in HTML mode (#1486632)
- Fix composing in HTML jumps cursor to body instead of recipients (#1486674)
- Allow columns order change per user - drag&drop (#1485795)
- Add References header in read receipt (#1486681)
- Fix database constraint violation when opening a message (#1486696)
- Add 'loading' message while login is in progress (#1486667)
- Fix quota_zero_as_unlimited (#1486662)
- Fix folder subscription checking (#1486684)
- Fix INBOX appears (sometimes) twice in mailbox list (#1486672)
- Fix listing of attachments of some types e.g. "x-epoc/x-sisx-app" (#1486653)
- Fix DB Schema checking when some db_table_* options are not set (#1486654)
RELEASE 0.4-beta
----------------
- Add sizelimit and timelimit variables in LDAP config (#1486544)
- Hide IMAP host dropdown when single host is defined (#1486326)
- Add images pre-loading on login page (#1451160)
- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#1486441
)
- Fix setting spellcheck languages with extended codes (#1486605)
- Fix messages list scrolling in FF3.6 (#1486472)
- Fix quicksearch input focus (#1486637)
- Always set changed date when flagging a DB record as deleted + provide a clean
up script
- Fix address book/group selection (#1486619)
- Assign newly created contacts to the active group (#1486626)
- Added option not to mark messages as read when viewed in preview pane (#148501
2)
- Allow plugins modify the Sent folder when composing (#1486548)
- Added optional (max_recipients) support to restrict total number of recipients
per message (#1484542)
- Re-organize editor buttons, add blockquote and search buttons
- Make possible to write inside or after a quoted html message (#1485476)
- Fix bugs on unexpected IMAP connection close (#1486190, #1486270)
- Iloha's imap.inc rewritten into rcube_imap_generic class
- Added contact groups in address book (not finished yet)
- Added PageUp/PageDown/Home/End keys support on lists (#1486430)
- Added possibility to select all messages in a folder (#1484756)
- Added 'imap_force_caps' option for after-login CAPABILITY checking (#1485750)
- Password: Support dovecotpw encryption
- TinyMCE 3.3.1
- Implemented messages copying using drag&drop + SHIFT (#1484086)
- Improved performance of folders operations (#1486525)
- Fix blocked.gif attachment is not attached to the message (#1486516)
- Managesieve: import from Horde-INGO
- Managesieve: support for more than one match (#1486078)
- Managesieve: support for selectively disabling rules within a single sieve scr
ipt (#1485882)
- Threaded message listing now available
- Added sorting by ARRIVAL and CC
- Message list columns configurable by the user
- Removed 'index_sort' option, now we're using empty 'message_sort_col' for this
- virtuser_query: support other identity data (#1486148)
- Options virtuser_* replaced with virtuser_* plugins
- Plugin API: Implemented 'email2user' and 'user2email' hooks
- Fix forwarding message omits CC header (#1486305)
- Add 'default_charset' option to user preferences (#1485451)
- Add 'delete_always' option to user preferences
- Support/Require tls:// prefix in 'smtp_server' option for TLS connections
- Fix inconsistent behaviour of 'delete_always' option (#1486299)
- Fix deleting all messages from last list page (#1486293)
- Flag original messages when sending a draft (#1486203)
- Changed signature separator when top-posting (#1486330)
- Let the admin define defaults for search modifiers (#1485897)
- Fix long e-mail addresses validation (#1486453)
- Remember search modifiers in user prefs (#1486146)
- Added force_7bit option to force MIME encoding of plain/text messages (#148651
0)
- Use case sensitive check when checking for default folders (#1486346)
- Fix checking for new mail: now checks unseen count of inbox (#1485794)
- Improve performance by avoiding unnecessary updates to the session table (#148
6325)
- Fix invalid <font> tags which cause HTML message rendering problems (#1486521)
- Fix CVE-2010-0464: Disable DNS prefetching (#1486449)
- Fix Received headers to behave better with SpamAssassin (#1486513)
- Password: Make passwords encoding consistent with core, add 'password_charset'
global option (#1486473)
- Fix adding contacts SQL error on mysql (#1486459)
- Squirrelmail_usercopy: support reply-to field (#1486506)
- Fix IE spellcheck suggestion popup issue (#1486471)
- Fix email address auto-completion shows regexp pattern (#1486258)
- Fix merging of configuration parameters: user prefs always survive (#1486368)
- Fix quota indicator value after folder purge/expunge (#1486488)
- Fix external mailto links support for use as protocol handler (#1486037)
- Fix attachment excessive memory use, support messages of any size (#1484660)
- Fix setting task name according to auth state
- Password: fix vpopmaild driver (#1486478)
- Add workaround for MySQL bug [http://bugs.mysql.com/bug.php?id=46293] (#148647
4)
- Fix quoted text wrapping when replying to an HTML email in plain text (#148414
1)
- Fix handling of extended mailto links (with params) (#1486354)
- Fix sorting by date of messages without date header on servers without SORT (#
1486286)
- Fix inconsistency when not using default table names (#1486467)
- Fix folder rename/delete buttons do not appear on creation of first folder (#1
486468)
- Fix character set conversion fails on systems where iconv doesn't accept //IGN
ORE (#1486375)
- Log in performance: Create default folders on first login only
- Import contacts into the selected address book (by Phil Weir)
- Add support for MDB2's 'sqlsrv' driver (#1486395)
- Use jQuery-1.4
- Removed problematic browser-caching of messages
- Fix incompatybility with suhosin.executor.disable_emodifier (#1486321)
- Use PLAIN auth when CRAM fails and imap_auth_type='check' (#1486371)
- Fix removal of <title> tag from HTML messages (#1486432)
- Fix 'force_https' to specified port when URL contains a port number (#1486411)
- Fix to-text converting of HTML entities inside b/strong/th/hX tags (#1486422)
- Bug in spellchecker suggestions when server charset != UTF8 (#1486406)
- Managesieve: Fix requires generation for multiple actions (#1486397)
- Fix LDAP problem with special characters in RDN (#1486320)
- Improved handling of message parts of type message/rfc822
- Plugin API: added 'quota' hook
- Fix parsing conditional comments in HTML messages (#1486350)
- Use built-in json_encode() for proper JSON format in AJAX replies
- Allow setting only selected params in 'message_compose' hook (#1486312)
- Plugin API: added 'message_compose_body' hook (#1486285)
- Fix counters of all folders are checked in 'getunread' action with check_all_
folders disabled (#1486128)
- Fix displaying alternative parts in messages of type message/rfc822 (#1486246)
- Fix possible messages exposure when using Roundcube behind a proxy (#1486281)
- Fix unicode para and line separators in javascript response (#1486310)
- Additional_message_headers: allow unsetting headers, support plugin's config f
ile (#1486268)
- Fix displaying of hidden directories in skins list (#1486301)
- Fix open_basedir restriction error when reading skins list (#1486304)
- Fix pasting from Office apps into html editor (#1486271)
- Fix empty <a> tags parsing (#1486272)
- Don't cut off attachment names when using non-RFC2231 encoding (#1485515)
- Allow inserting signatures above replied message body (#1484272)
- Managesieve 2.0: multi-script support
- Fix imap_auth_type regression (#1486263)
(ok schmonz, take over maintainer)
Changelog:
1.5.4: 2010-09-13 23:59 UTC
Critical Security release.
It is highly recommended that users of 1.5.3 upgrade to this release, a change in the boundary detection
code introduced a potential denial of service attack.
Bug Fixes
#17862 - quote boundary preg_split code
1.5.3: 2010-09-05 09:26 UTC
Major Bugfix release.
Apart from a major cleanout of the bug tracker for this package, this
release includes a revamped parseHeaderValue which removes the rather
flakey regex, with a real parser, which should be considerably more
robust.
Bug Fixes
#17844 - all regression tests fixed - remove the last of the while
list each() .. this is 2010 ;)...
#11410 - support wap multipart
#9616 - long strings as filename
etc.. aaa*0=.... aaa*1=.... aaa*2=.... (merged into aaa=.....)
#9100 - change to preg_split for mime boundary detection , in theory
should catch boundaries in nested situations better...
#7709 - check for last element on boundary split to see if its usable
#7065 - wrapped header lines with encoding should be concated without spaces
#6495 - missing body in decoded object
#11537 - better decode and multi-line support
1.5.2: 2010-09-02 12:01 UTC
Bug Fixes
#4739 - regexp parsing of header values does not balance quoting
correctly - Fix sponsored by http://webyog.com#17325 - empty body messages are valid messages
#17276 - remove &new usage which throws errors now
1.8.0: 2010-07-29 06:46 UTC
Changelog:
Bugs Fixed:
* Double-addition of e-mail domain to content ID in HTML images [alec]
* #17311: Multi-octet characters are split across adjacent 'encoded-word's
[alec]
* #17573: Place charset parameter in first line of Content-Type header
(if possible) [alec]
Implemented Features:
* #17518: addTo() method [alec]
1.7.0: 2010-04-12 12:03 UTC
Changelog:
Implemented Features:
* Added Mail_mime::setContentType() function with possibility to set various
types in Content-Type header (also fixes problem with boundary parameter
when Content-Type header was specified by user) [alec]
== Mon Sep 13 02:31:21 UTC 2010 Mikel Lindsaar <mikel@rubyx.com>
* Replace some missing documentation
* Version bump to 2.2.6.1
== Sat 11 Sep 2010 05:13:36 UTC Mikel Lindsaar <mikel@rubyx.com>
* Fixed parsing an email with an empty In-Reply-To header (Reported by Eugene Pimenov)
* Adding address spec for groupname+domain.com@example.com format emails
* Version bump to 2.2.6
== Sat Sep 11 01:56:59 UTC 2010 Mikel Lindsaar <mikel@rubyx.com>
* Added new way to do versioning for rubygems
* Added additional specs for Content-Disposition: inline which are not being encoded correctly - Shawn Pyle
* Make sure Mail::Message#attachment? returns true/false - Simone Carletti
* Replace hard-coded references to Mail with more generic self references to allow easier inheritance (closes#61) - Simone Carletti
* Force encoding on Regexp for Ruby 1.9 to avoid encoding conflicts - Golubev Pavel
* Added lazy evaluation to message body: body is not parsed until need. It greatly improves performance with big mails if you don't need to read the body (yet)
* Added Mail.read_from_string as an explicit method (mcansky)
* Fixed bounce detection for multipart reports that contain a human readable report status part
* Closed Issue #65 found (incredibly) by quetz - major Kudos for bug hunting
* Fixed missing trailing CRLF in content type field - Closes issue #57 - Kudos to Henry Flower for finding it
* Version bump to 2.2.5.2
== Sat Sep 11 01:32:13 UTC 2010 Mikel Lindsaar <mikel@rubyx.com>
* Closed issue #58 - Content Type not parsing unless lower case.
* Version bump to 2.2.5.1
Upstream changes:
0.10 Fri Jul 8 15:45:42 CEST 2010
- fix: authentificate against Cyrus CPAN bug #58192 Rudy Gevaert
You can pass different user and authname to auth() now
- fix: added missed entry in Changes of v0.09
- fix: stall in select() CPAN bug #58235 Rudy Gevaert
When the SSL layer buffers data, select() does not return
true, hence, is not indicating that pending data. It seems
that select() queries the TCP stack only.
The now choosen maximal size in sysread() is larger than
the block size of Net::SSLeay at the current time of 32KB.
0.09 Thu Sep 24 14:29:07 CEST 2009
- fix: CPAN bug#49333: bug in Mangesieve by Oliver Eales
base64 encoded password in fallback branch contains line
feeds
pkgsrc changes:
- adjusting license definition
- adjusting module type
- tidy Makefile
- re-sort dependencies
Upstream changes:
2.102 2010-02-14
minor documentation improvements
do not break chaining on $stuff->FOO_text(undef);
2.101 2009-11-12
accept character (unicode) strings for bodies and headers
ucfirst header names
(above changes by Aristotle Pagaltzis)
2.100 2009-08-11
Allows attach_file to accept attribute arguments ie (content_type)
just like attach does (twek)
2.09 Sat 16 May 2009
- documentation tweaks for SMTP hostname; thanks Kieren Kiment
Action Mailer is a framework for designing email-service layers. These layers
are used to consolidate code for sending out forgotten passwords, welcome
wishes on signup, invoices for billing, and any other use case that requires
a written notification to either a person or another system.
Action Mailer is in essence a wrapper around Action Controller and the
Mail gem. It provides a way to make emails using templates in the same
way that Action Controller renders views using templates.
Additionally, an Action Mailer class can be used to process incoming email,
such as allowing a weblog to accept new posts from an email (which could even
have been sent from a phone).
(This is part of Ruby on Rails 3.)
Mail is an internet library for Ruby that is designed to handle emails
generation, parsing and sending in a simple, rubyesque manner.
The purpose of this library is to provide a single point of access to handle
all email functions, including sending and receiving emails. All network
type actions are done through proxy methods to Net::SMTP, Net::POP3 etc.
Built from my experience with TMail, it is designed to be a pure ruby
implementation that makes generating, sending and parsing emails a no
brainer.
It is also designed form the ground up to work with Ruby 1.9. This is because
Ruby 1.9 handles text encodings much more magically than Ruby 1.8.x and so
these features have been taken full advantage of in this library allowing
Mail to handle a lot more messages more cleanly than TMail. Mail does run on
Ruby 1.8.x... it's just not as fun to code.
Finally, Mail has been designed with a very simple object oriented system
that really opens up the email messages you are parsing, if you know what
you are doing, you can fiddle with every last bit of your email directly.
* Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk.
* Add LICENSE.
* Remove default value of GEM_BUILD.
=== 1.2.7.1 / 2010-02-07
* Fixed stray ruby-debug
* Re indented RChardet, and handled old syntax
* Add LICENSE.
* Remove default value of GEM_BUILD.
== MIME::Types 1.16
* Made compatible with Ruby 1.8.6, 1.8.7, and 1.9.1.
* Switched to the 'hoe' gem system and added a lot of build-time tools.
* Updated the MIME types to the list based on the values in the Perl library
version 1.27. Also updated based on external source information and bug
reports.
* This is the last planned version of MIME::Types 1.x. Work will be
starting soon on MIME::Types 2.x with richer data querying mechanisms
and support for external data sources.
* Several fixes to improve stability.
* Several fixes to the user interface.
* Several security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
* QUOTA and MYRIGHTS IMAP extension support.
* IMAP compression (COMPRESS=DEFLATE) when supported by server
* making opening attachment easier by saving them in a directory
* downloadable images when using Webkit html widget
* faster opening of the compose window.
* text searching enabled in the WebKit html viewer.
* options to hide toolbars and other parts of the UI (useful on netbooks etc).
* For laptop/wifi users: not trying to reach POP3 servers while disconnected,
and instead checking immediately on reconnection.
* infinite loop avoided.
* avoid crashes when manually verifing GPG signature.
GMime 2.4 has had a number of API changes since GMime 2.2. To start, ALL public
APIs that used to use off_t in GMime 2.2 now use gint64 so that the API and ABI
do not change based on whether or not large file support is enabled.
In addition, all of the functions marked as deprecated in 2.0 and 2.2 were
removed (usually they had equivalent functionality in a parent class).
Many functions have also been renamed for better clarity and/or consistency.
For convenience, GMime 2.4 source packages include a shell-script to aid in
porting applications using GMime 2.2 (should work for most GMime 2.0
applications as well) to the 2.4 API. You can find this script under the
tools/ directory, named `gmime-port-2-2-to-2-4.sh'.
This script won't fix everything, but it should help quite a bit.
pkgsrc changes:
- adjust dependencies
Upstream changes:
0.102370 2010-08-25 08:37:22 America/New_York
remove spurious prereq on Sys::Hostname::Long (thanks ABH)
tweak some tests for truth/definedness in SMTP transport
0.102360 2010-08-24 07:47:24 America/New_York
avoid the need to use "excludes" in role application; this silences
warnings with Moose 1.10
0.101760 2010-06-25 08:18:26 America/New_York
fix sendmail.t with latest Capture::Tiny (Justin Hunter)
pkgsrc changes:
- tidy
- add license definition
- adjust dependencies
Upstream changes:
3.002 2010-06-11
avoid a warning in MailInternet with zero headers found
Patch from upstream cvs repository to allow exmh to function
correctly with tcl 8.5 (or any earlier version). This patch
will not be needed after the next exmh upgrade.
No PKGREVISION bump since no uservisible changes.
* Restores compatibility with Postfix (which was broken in 2.70).
* Properly fixes signal-handling in child processes. 2.70 included a partial fix,
but signal-handling would break if you ran md-mx-ctrl reread.
