Changes since 1.2.3.1:
1.3.1:
Fixing dumb compiling bugs [BUG: #1108485]. GCC lets me write incorrect code!
Small modifications to tnef.spec.in as suggested by jmsl@users.sf.net
[BUG: #1102128]
Corrected type problems to improve portability to 64 bit systems and Mac.
1.3:
Adding feature to allow for saving of RTF data.
Changes since 1.0.0:
* Gpgme-1.0 has been supported (thanks to Toshio Kuratomi).
- A warning is displayed if a key for encryption is untrusted.
- The status of signature validity became more descriptive.
- Signatures inside nested multipart are now recognized.
* Messages are not retrieved multiple times anymore after POP3
session is aborted.
* Other bugfixes have been made.
Changes since 1.0.0rc:
* The first official release.
* The escaping of special characters in action commands has been
modified.
* The crash on deleting a remote account has been fixed.
Changes since 1.0.0beta4:
* The IMAP4 parser has been fixed for 64-bit platforms.
* Users are now asked to switch to online mode when sending in
offline.
* The line-joining problem of auto-wrapping has been fixed.
* Special characters are now properly escaped when executing action
commands.
* Some compiler warnings have been removed.
Changes since 1.0.0beta3:
* The Japanese manual has been updated.
* Some icons have been modified, and unused icons have been removed.
* The menu strings have been fixed.
* The workaround for invalid CR characters on POP3 has been made.
Changes in Exim version 4.44
1. Change 4.43/35 introduced a bug that caused file counts to be
incorrectly computed when quota_filecount was set in an appendfile
transport
2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
place.
3. Give more explanation in the error message when the command for a transport
filter fails to execute.
4. There are several places where Exim runs a non-Exim command in a
subprocess. The SIGUSR1 signal should be disabled for these processes. This
was being done only for the command run by the queryprogram router. It is
now done for all such subprocesses. The other cases are: ${run, transport
filters, and the commands run by the lmtp and pipe transports.
5. Some older OS have a limit of 256 on the maximum number of file
descriptors. Exim was using setrlimit() to set 1000 as a large value
unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
systems. I've changed it so that if it can't get 1000, it tries for 256.
6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
was an oversight, and furthermore, ever since the addition of extra
controls (e.g. 4.43/32), the checks on when to allow different forms of
"control" were broken. There should now be diagnostics for all cases when a
control that does not make sense is encountered.
7. $recipients is now available in the predata ACL (oversight).
8. Tidy the search cache before the fork to do a delivery from a message
received from the command line. Otherwise the child will trigger a lookup
failure and thereby defer the delivery if it tries to use (for example) a
cached ldap connection that the parent has called unbind on.
9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
of $address_data from the recipient verification was clobbered by the
sender verification.
10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
was its contents. (It was OK if the option was not defined at all.)
11. A "Completed" log line is now written for messages that are removed from
the spool by the -Mrm option.
12. $host_address is now set to the target address during the checking of
ignore_target_hosts.
13. When checking ignore_target_hosts for an ipliteral router, no host name was
being passed; this would have caused $sender_host_name to have been used if
matching the list had actually called for a host name (not very likely,
since this list is usually IP addresses). A host name is now passed as
"[x.x.x.x]".
14. Changed the calls that set up the SIGCHLD handler in the daemon to use the
code that specifies a non-restarting handler (typically sigaction() in
modern systems) in an attempt to fix a rare and obscure crash bug.
15. Narrowed the window for a race in the daemon that could cause it to ignore
SIGCHLD signals. This is not a major problem, because they are used only to
wake it up if nothing else does.
16. A malformed maildirsize file could cause Exim to calculate negative values
for the mailbox size or file count. Odd effects could occur as a result.
The maildirsize information is now recalculated if the size or filecount
end up negative.
17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
support for a long time. Removed HAVE_SYS_VFS_H.
18. Updated exipick to current release from John Jetmore.
19. Allow an empty sender to be matched against a lookup in an address list.
Previously the only cases considered were a regular expression, or an
empty pattern.
20. Exim went into a mad DNS lookup loop when doing a callout where the
host was specified on the transport, if the DNS lookup yielded more than
one IP address.
21. The RFC2047 encoding function was originally intended for short strings
such as real names; it was not keeping to the 75-character limit for
encoded words that the RFC imposes. It now respects the limit, and
generates multiple encoded words if necessary. To be on the safe side, I
have increased the buffer size for the ${rfc2047: expansion operator from
1024 to 2048 bytes.
22. Failure to deliver a bounce message always caused it to be frozen, even if
there was an errors_to setting on the router. The errors_to setting is now
respected.
23. If an IPv6 address is given for -bh or -bhc, it is now converted to the
canonical form (fully expanded) before being placed in
$sender_host_address.
24. Updated eximstats to version 1.33
25. Include certificate and key file names in error message when GnuTLS fails
to set them up, because the GnuTLS error message doesn't include the name
of the failing file when there is a problem reading it.
26. Expand error message when OpenSSL has problems setting up cert/key files.
As per change 25.
27. Reset the locale to "C" after calling embedded Perl, in case it was changed
(this can affect the format of dates).
28. exim_tidydb, when checking for the continued existence of a message for
which it has found a message-specific retry record, was not finding
messages that were in split spool directories. Consequently, it was
deleting retry records that should have stayed in existence.
29. eximstats updated to version 1.35
1.34 - allow eximstats to parse syslog lines as well as mainlog lines
1.35 - bugfix such that pie charts by volume are generated correctly
30. The SPA authentication driver was not abandoning authentication and moving
on to the next authenticator when an expansion was forced to fail,
contradicting the general specification for all authenticators. Instead it
was generating a temporary error. It now behaves as specified.
31. The default ordering of permitted cipher suites for GnuTLS was pessimal
(the order specifies the preference for clients). The order is now AES256,
AES128, 3DES, ARCFOUR128.
31. Small patch to Sieve code - explicitly set From: when generating an
autoreply.
32. Exim crashed if a remote delivery caused a very long error message to be
recorded - for instance if somebody sent an entire SpamAssassin report back
as a large number of 550 error lines. This bug was coincidentally fixed by
increasing the size of one of Exim's internal buffers (big_buffer) that
happened as part of the Exiscan merge. However, to be on the safe side, I
have made the code more robust (and fixed the comments that describe what
is going on).
33. Some experimental protocols are using DNS PTR records for new purposes. The
keys for these records are domain names, not reversed IP addresses. The
dnsdb PTR lookup now tests whether its key is an IP address. If not, it
leaves it alone. Component reversal etc. now happens only for IP addresses.
CAN-2005-0021
34. The host_aton() function is supposed to be passed a string that is known
to be a valid IP address. However, in the case of IPv6 addresses, it was
not checking this. This is a hostage to fortune. Exim now panics and dies
if the condition is not met. A case was found where this could be provoked
from a dnsdb PTR lookup with an IPv6 address that had more than 8
components; fortuitously, this particular loophole had already been fixed
by change 4.50/55 or 4.44/33 above.
If there are any other similar loopholes, the new check in host_aton()
itself should stop them being exploited. The report I received stated that
data on the command line could provoke the exploit when Exim was running as
exim, but did not say which command line option was involved. All I could
find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
running as the user.
CAN-2005-0021
35. There was a buffer overflow vulnerability in the SPA authentication code
(which came originally from the Samba project). I have added a test to the
spa_base64_to_bits() function which I hope fixes it.
CAN-2005-0022
36. The daemon start-up calls getloadavg() while still root for those OS that
need the first call to be done as root, but it missed one case: when
deliver_queue_load_max is set with deliver_drop_privilege. This is
necessary for the benefit of the queue runner, because there is no re-exec
when deliver_drop_privilege is set.
37. Caching of lookup data for "hosts =" ACL conditions, when a named host list
was in use, was not putting the data itself into the right store pool;
consequently, it could be overwritten for a subsequent message in the same
SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
the caching.)
38. Sometimes the final signoff response after QUIT could fail to get
transmitted in the non-TLS case. Testing !tls_active instead of tls_active
< 0 before doing a fflush(). This bug looks as though it goes back to the
introduction of TLS in release 3.20, but "sometimes" must have been rare
because the tests only now provoked it.
Bump BUILDLINK_DEPENDS of pico, and the PKGREVISION of both pico and pine.
To help avoid this problem in the future, add a comment to pico/Makefile,
indicating where the shlib version is maintained and when it should be bumped.
> apply a patch from Evolution CVS:
> 2005-01-20 Not Zed <NotZed@Ximian.com>
> * camel-lock-helper.c (main): since malloc(MAXINT+1) returns a
> valid pointer, validate the length of the path before using it.
> set maximum path to 65000 characters. Spotted by Max Vozeler
> <max@hinterhof.net>
>
> This fixes the security vulnerability referred to as CAN-2005-0102.
> bump PKGREVISION
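The length check described in the camel-lock-helper entry above, as an added C example that is not the Evolution patch itself. The request layout (4-byte little-endian length followed by the path bytes), the function names and the error codes are assumptions made for illustration; only the 65000-character cap comes from the entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PATH_LEN 65000u  /* cap named in the changelog entry */
enum { PATH_OK = 0, PATH_ERR_TRUNCATED, PATH_ERR_LENGTH, PATH_ERR_NUL, PATH_ERR_NOMEM };

/* Constructed request layout (assumption): 4-byte little-endian length,
 * then that many path bytes with no terminating NUL. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern, for contrast only; nothing here calls it. */
char *read_path_unchecked(const unsigned char *req)
{
    uint32_t length = le32(req);
    char *p = malloc(length + 1);   /* 32-bit sum: 0xFFFFFFFF + 1 == 0 */
    if (p == NULL)
        return NULL;
    memcpy(p, req + 4, length);     /* writes far past the tiny block */
    p[length] = '\0';
    return p;
}

/* Checked form: bound the length before any arithmetic or allocation. */
int read_path(const unsigned char *req, size_t req_len, char **out)
{
    uint32_t length;
    char *p;

    *out = NULL;
    if (req_len < 4)
        return PATH_ERR_TRUNCATED;
    length = le32(req);
    if (length == 0 || length > MAX_PATH_LEN)
        return PATH_ERR_LENGTH;      /* rejects 0xFFFFFFFF as well */
    if (length > req_len - 4)
        return PATH_ERR_TRUNCATED;   /* header claims more than was sent */
    if (memchr(req + 4, '\0', length) != NULL)
        return PATH_ERR_NUL;         /* embedded NUL would shorten the path */
    p = malloc((size_t)length + 1);
    if (p == NULL)
        return PATH_ERR_NOMEM;
    memcpy(p, req + 4, length);
    p[length] = '\0';
    *out = p;
    return PATH_OK;
}

int main(void)
{
    /* Constructed samples: a valid request and one with length 0xFFFFFFFF. */
    const unsigned char good[] = { 6, 0, 0, 0, '/', 't', 'm', 'p', '/', 'x' };
    const unsigned char wrap[] = { 0xff, 0xff, 0xff, 0xff, 'a' };
    char *path;
    printf("good -> %d\n", read_path(good, sizeof good, &path));
    free(path);
    printf("wrap -> %d\n", read_path(wrap, sizeof wrap, &path));
    return 0;
}
```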
Additions include:
* Enable-Newmail-in-Xterm-Icon now also sets the title bar text to
indicate new mail
* New feature Enable-Newmail-Short-Text-in-Icon
* New UNIX Pine feature NewMail-FIFO-Path
* New feature NewMail-Window-Width
* Select command may use the pattern from an existing Rule (for
example, an Indexcolor Rule) for its selection criteria
* Beginning of Month and Beginning of Year options in Rules
* Some additional tokens having to do with the current date may be
used in the folder name that is used as a target in a Filter Rule.
For example, you may filter messages to a folder named for the
current month by using the _CURYEAR_ and _CURMONTH_ tokens in the
folder name. The (long) list of all such tokens is here.
* Three additional tokens for use with Keywords may be used in the
Index-Format. They are SUBJKEYINIT, KEY, and KEYINIT (in addition
to the old SUBJKEY).
* Keywords may be displayed in color using Keyword Colors, available
from the Setup/Kolor screen
* The Keyword-Surrounding-Chars option may be used to slightly
modify the display of SUBJKEYINIT and SUBJKEY tokens.
* The Enable-Flag-Screen-Keyword-Shortcut option adds a shortcut
method of setting keywords
* When performing an aggregate reply (or forward), if the Role that
would be selected when replying (or forwarding) to each individual
message in the set is the same for all the messages, then that
role is used just like it would be when replying (or forwarding)
to any one of those messages.
* Delete/No Delete prompt added to Save command so that the source
message may be deleted or not on a Save-by-Save basis
* Status-Message-Delay option now allows reducing the status message
delays Pine sometimes adds
* New feature Save-Partial-Msg-Without-Confirm
* New feature Disable-Take-Fullname-in-Addresses
* New feature Sort-Default-FCC-Alpha
* New feature Sort-Default-Save-Alpha
* For selecting messages by Status, add the possibility of selecting
based on Recent or Unseen status
* Allow Take command to take addresses from html and enriched text
subtypes, as well as from plain text
Bugs that have been addressed in this release include:
* Crash when sending a message with a Role that sets the To header
if the Empty-Header-Message is set to
* Pine hangs in composer after alternate editor or speller is run
and new mail arrives that causes an External Categorizer command
to be executed
* Crash in MESSAGE INDEX when using a threaded sort. The crash is
most common when the sort is Reversed.
* Pine could crash or hang when the window was resized down to 3
lines or fewer while in the composer
* In the Role editor the "To Folders" command for the "Set Fcc"
action did not work
* After running Pine for a long time, it would slow down until
restarted
* Export command in FOLDER LIST did not work with dual-use folders
* When the Send-Without-Confirm option was turned on, flowed text
was not produced and the Fcc-Without-Attachments feature did not
work
* Display bug, folder was not un-highlighted
* When viewing a message from the separate thread index, new mail
arrival could cause Pine to leave the MESSAGE TEXT screen and drop
back to the MESSAGE INDEX screen on its own
* When the UnDelete command was typed in the composer with the
cursor in the middle of a header line, the text was inserted at
the beginning of the line instead of at the location of the cursor
* When some messages from a thread were selected (not including the
top of the thread), the view was Zoomed, and the feature
Slash-Collapses-Entire-Thread was turned on; the collapse command
caused messages to disappear from the view entirely
* Incorrect character conversions were possible when going from
ISO-8859-X to ISO-8859-1
* Quell-Charset-Warning will now also quell the short comment
included in header lines about the charset being different from
yours in addition to quelling the editorial comment at the top of
a message. This is the stuff that looks like "[ISO-8859-2]" in a
header line.
* If the Down Arrow key was held down it caused Pine to do a new
mail check for each repeated character, which caused a delay when
the key was held down by mistake. Changed that so that it does at
most one check per second.
* An unnecessary sort of the folder (causing a delay) was happening
when closing if a filter rule depended on message state
* Mouse in xterm failed when clicking in the folder screen
* Enable-Dot-Folders feature did not allow adding folders with names
beginning with dot
* When replying to a TEXT/ENRICHED message Pine was failing to
filter out the ENRICHED markup
* Crash caused by malformed ISO-2022-JP in header
* Crash when changing Inbox-Path if INBOX was not the current folder
* Adding a collection on a Cyrus server did not work if the folder
already existed (Pine tried to create it and failed)
* Pine gave incorrect messages when deleting dual-use
folders/directories
* Saving an attached message to INBOX from another collection did
not work correctly (it tried to create INBOX in the collection
instead)
* In some circumstances, Pine could announce "No messages expunged
from folder " after an expunge command that actually worked
correctly
* Allow alternate editor to use quoted arguments
* News drop folders weren't using the correct newsrc with
Enable-Multiple-Newsrcs enabled
* Error decoding some 8-bit headers, typically showing up as a
garbage character at the end of a name
imap-2004c:
fixes to quoted-printable encoding and CRAM-MD5 authentication.
NNTP proxy in imapd now supports the LIST and LSUB commands.
imap-2004b:
There are new ports for Solaris with Blastwave Community Open
Source Software (gcs) and Mandrake Linux (lmd).
SET_SNARFINTERVAL now controls how frequently local drivers
will move new mail from the mail spool as well as from a
maildrop. Maildrops are still tied to a minimum interval of
1 minute, but there is now no minimum for the spool file.
Character set conversions now map non-breaking space to space
if the destination character set doesn't have nbsp. JIS Roman
yen sign is now mapped to Unicode yen sign.
python*-pth packages into meta-packages which will install the non-pth
packages. Bump PKGREVISIONs on the non-pth versions to propagate the
thread change, but leave the *-pth versions untouched to not affect
existing installations.
Sync all PYTHON_VERSIONS_AFFECTED lines in package Makefiles.
We are pleased to announce the release of SquirrelMail 1.4.4. This
release is a strongly recommended upgrade due to a number of security
issues that have been resolved since 1.4.3a.
About This Release
------------------
This release contains a number of bug fixes, and security updates. The
list is very long, as this version has been hiding in the trees for a
while. For a full list of the changes, you can see the changelog here:
http://www.squirrelmail.org/changelog.php
A general summary of updates includes a few cross site scripting issues,
and two possible file inclusion issues (one remote, one local). Better
IMAP handling introduced for certain IMAP servers that advertise
LOGINDISABLED, folder handling, and a number of locales issues.
Locales
-------
Shortly after the release of 1.4.3, the locales were broken out of the
main branch into their own branch. This makes the SquirrelMail package
itself a lot smaller, along with allowing administrators to download just
the packages they need. Details on this change can be found in the
ReleaseNotes and the INSTALL files.
- use kerberos instead of kerberos5 as PKG_SUPPORTED_OPTIONS
to keep compliance with other kerberos aware packages in pkgsrc
- use the krb5 buildlink environment
Introduce support for gssapi which was also requested in pr pkg/26170 with
the according PKG_SUPPORTED_OPTIONS. gssapi will imply kerberos5.
RELEASE 3.2.6-STABLE
BUGFIX: Sedation level instantiates when not specified
(should default to off)
RELEASE 3.2.5-STABLE
BUGFIX: statisticalSedation preference is ignored
with a default value of "5" seconds to wait for mysql. This is necessary
because the gld process needs mysqld available when it's loaded,
and sometimes when booting mysqld, it needs more than 2 seconds to be
available.
- Changed return code in case of authentication error from EX_DATAERR
to EX_NOPERM
- Changed return code in case of missing/invalid configuration file or
nonexistent account from EX_NOINPUT/EX_DATAERR to EX_CONFIG
- Test return value of localtime(3) in msmtp_log()
- Windows specific code in net.c: moved translation of error code from
WSAStartup() from net_lib_init() to wsa_strerror()
- OpenSSL specific code in tls.c: minor cleanup in openssl_io_error()
- Always keep control of the format string in calls to merror(). (There
were four cases where the result of strerror() was passed as the format
string in smtp.c.)
- Clarified usage instructions of merror() in merror.h
- Check at initialization time whether support for a manually requested
authentication mechanism is compiled, *before* establishing a network
connection.
This required a change from smtp_auth_caps() to the (equally trivial)
smtp_authmech_is_supported() function.
Made the output of both "not compiled in" messages (TLS and auth mech)
consistent.
The return code for these error conditions is EX_UNAVAILABLE now.
- Make the output of -h/--help and -v/--version consistent with the GNU
utilities by including copyright and no-warranty notice (version) and
a short description and the bug report address (--help).
- Add missing declarations of optarg and optind to msmtp.c, needed for
getopt() handling. No compiler complained so far, though.
- Fixed stupid error in smtp.c that prevented the detection of output
errors when sending the RCPT TO command (highly unlikely to occur).
- Cosmetic change in -v/--version output that avoids lines longer than
80 characters
- Fixed some man page typos
- Fixed typos in conffile.c error message
- Fixed typo in tls.c error message (OpenSSL code only)
- Changed error messages: "bla [blub]" -> "bla: blub"
- Improved some TLS error messages
- Corrected short description in man page, README and code comments
- Updated README.dos
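The format-string fix from the list above (the result of strerror() no longer passed as the format string), as an added C example that is not msmtp's code. report_error() is a hypothetical stand-in for merror(), whose real signature is not shown here, and report_text() and report_errno() are illustrative names.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an merror()-style reporter. The attribute lets
 * GCC and Clang check every call site, so -Wformat-security flags a call
 * whose format is not a string literal. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
int report_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;   /* length the full message needs, as vsnprintf reports it */
}

/* Pattern the entry removes, kept as a comment so the block compiles cleanly:
 *     report_error(out, outlen, strerror(errnum));
 * Any '%' in the message text would be parsed as a conversion. */

/* Corrected pattern: the caller owns the format, the text is only data. */
int report_text(char *out, size_t outlen, const char *text)
{
    return report_error(out, outlen, "%s", text);
}

/* Same rule when a caller-supplied label is combined with strerror(). */
int report_errno(char *out, size_t outlen, const char *what, int errnum)
{
    return report_error(out, outlen, "%s: %s", what, strerror(errnum));
}
```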
-some IMAP errors would cause getmail to raise an exception, instead of
gracefully proceeding with the next configured mail account. Fixed.
Thanks: Matthias Andree.
Assuming you have an account on a server that supports IMAP/POP, you can use
an installation of IMP to check your mail from anywhere that you have web
access.
This is the 4.x branch of IMP designed to work with Horde 3.x.