1.1:
Drop support for Python 3.4.
As per RFC 5321, §4.1.4, multiple HELO / EHLO commands in the same session are semantically equivalent to RSET.
As per RFC 5321, $4.1.1.9, NOOP takes an optional argument, which is ignored. API BREAK If you have a handler that implements handle_NOOP(), it previously took zero arguments but now requires a single argument.
The command line options --version / -v has been added to print the package’s current version number.
General improvements in the Controller class.
When aiosmtpd handles a STARTTLS it must arrange for the original transport to be closed when the wrapped transport is closed. This fixes a hidden exception which occurs when an EOF is received on the original tranport after the connection is lost.
Widen the catch of ConnectionResetError and CancelledError to also catch such errors from handler methods.
Added a manpage for the aiosmtpd command line script.
Added much better support for the HELP. There’s a new decorator called @syntax() which you can use in derived classes to decorate smtp_*() methods. These then show up in HELP responses. This also fixes HELP responses for the LMTP subclass.
The Controller class now takes an optional keyword argument ssl_context which is passed directly to the asyncio create_server() call.
Features:
- Limits rate of automatic responses (defaults to a maximum of one
message every hour).
- Will not respond to nearly every type of mailing list or bulk email.
- Will not respond to bounce messages or MAILER-DAEMON.
- Bounces looping messages.
- Can insert the original subject into the response.
- Can copy original message into response.
- Can use links in the rate-limiting data directory to limit inode usage
to a single inode.
- Can limit responses to a certain date/time range.
Changes since version 1.9.0:
This is a bug fix release, coming shortly after the last release due to
a possible segfault fix with IMAP. There are also fixes for the trash
folder, imap_poll_timeout, and GMail flags notifications.
version 0.97: Thu 2 Feb 15:52:27 CET 2017
Improvements:
- spell checks from Debian.
rt.cpan.org#118328 [Angel Abad]
- share podtail with MailBox
version 0.96: Mon Sep 19 23:15:07 CEST 2016
Fixes:
- include examples in the manual-pages
version 0.95:
Improvements:
- move t/99pod.t to xt/ and remove dependency on Test::Pod
- spell checks from Debian.
rt.cpan.org#92483 [Salvatore Bonaccorso]
0.13 Mon Jan 4 11:44:52 CET 2016
-fix: Escape braces in regexp / Debian bug#809102 / CPAN bug #110664
Unescaped braces in regexp are deprecated and issue a warning when used in Perl 5.22.
-fix: typo CPAN bug #110668 Debian
--- 1.999.1 (2006-02-26 18:00)
Mail::SPF::Query:
* Do not use \p{} named properties in the "a" and "mx" mechanisms' argument
validation code, since Perl 5.6 requires (flaky) "use utf8" for them to
work, and [a-z]/[a-z0-9] should work just as well (closes rt.cpan.org bug
#17815).
* Some minor documentation formatting improvements.
Debian:
+ Added watch file.
0.80 2017-08-20 NEILB
- NEILB got co-maint to do a release that includes META.yml and META.json.
- Switched to Dist::Zilla.
- Added COPYRIGHT section to pod.
- Fixed the NAME section in pod to follow expected format.
- Added "use warnings" and fixed all the warnings.
- Manually set $VERSION, as it's used in the code
0.79_16 2006-07-08 MIVKOVIC
- experimental SMTP AUTH support (LOGIN PLAIN CRAM-MD5 DIGEST-MD5)
- Fix bug where one refused RCPT TO: would abort everything
- send EHLO, and parse response (for later AUTH implementation)
- better handling of multi-line responses, and better error-messages
- Also normalize line endings in headers
- Now keeps the Sender header if it was used. Previous versions
only used it for the MAIL FROM: command and deleted it.
- No space between "MAIL FROM:" or "RCPT TO:" and address.
version 3.003: Thu 29 Jun 15:18:15 CEST 2017
Fixes:
- change license back to "perl" after accidental change
rt.cpan.org#120319 [Jitka Plesnikova]
version 3.002: Fri 31 Mar 14:22:17 CEST 2017
Fixes:
- repair test on Windows again :(
- error while global destruction of locker
- show installed version of POP3, not POP4 (of course)
rt.cpan.org#120651 [Kent Fredric]
version 3.001: Mon 6 Feb 17:07:53 CET 2017
Fixes:
- test on windows, cause the path syntax differences
- posix lock on BSD [Slaven Rezic]
- SEE ALSO links broken.
rt.cpan.org#120119 [Christophe Deroulers]
- do not test multi-lock on BSDs
Improvements:
- Mail::Box::Locker* cleaner OO
- ::Locker::Multi uses FcntlLock, not POSIX by default
version 3.000: Thu 2 Feb 15:50:36 CET 2017
Changes:
- split Mail::Box 2* into separate distributions:
Mail::Box basic and simple mail folders
Mail::Message only message handling
Mail::Transport sending messages
Mail::Box::IMAP4 net-imap folders
Mail::Box::POP3 pop3(s) folders
Mail::Box::Dbx Outlook express folders (unpublished)
- simplify structure of tests
- do not ask questions during installation
- shared footer
1.946 2017-08-31 09:29:41-04:00 America/New_York
- propagate encode_check to subparts (thanks, Michael McClimon)
- use the new parse_content_disposition function in
Email::MIME::ContentType (thanks, Pali Rohár)
- fix a bug in AddressList handling (thanks, Pali Rohár)
This module implements RFC 2822 parser and formatter of email
addresses and groups. It parses an input string from email headers
which contain a list of email addresses or a groups of email addresses
(like From, To, Cc, Bcc, Reply-To, Sender, ...). Also it can generate
a string value for those headers from a list of email addresses
objects.
Parser and formatter functionality is implemented in XS and uses
shared code from Dovecot IMAP server.
2017-09-12 Richard Russon <rich@flatcap.org>
* Bug Fixes
- broken check on resend message
- crash in vfolder-from-query
* Build
- Be more formal about quoting in m4 macros
- fix warnings raised by gcc7
- notmuch: add support for the v5 API
RELEASE 1.2.6
-------------
- Don't ignore (global) userlogins/sendmail logging in per_user_logging mode
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Fix bug where comment notation within style tag would cause the whole style
to be ignored (#5747)
- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix addressbook searching by gender (#5757)
- Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where it wasn't possible to set timezone to auto-detected value
(#5782)
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure
rcube_utils::random_bytes() result has always requested length (#5788)
- Fix potential XSS vulnerability with malformed HTML message markup
2017-09-07 Richard Russon <rich@flatcap.org>
* Contrib
- Add guix build support
* Bug Fixes
- Only match real mailboxes when looking for new mail
- Fix the printing of ncurses version in -v output
- Bind editor \<delete\> to delete-char
- Fix overflowing colours
- Fix empty In-Reply-To generation
- Trim trailing slash from completed dirs
- Add guix-neomutt.scm
- Fix setting custom query_type in notmuch query
* Website
- New technical documentation LINK
- Improve Gentoo distro page
* Build
- Better curses identification
- Use the system's wchar_t support
- Use the system's md5 tool (or equivalent)
- Clean up configure.ac
- Teach gen-map-doc about the new opcode header
* Source
- Rename functions (snake_case)
- Rename constants/defines (UPPER_CASE)
- Create library of shared functions
- Much tidying
- Rename globals to match user config
- Drop unnecessary functions/macros
- Use a standard list implementation
- Coverity fixes
- Use explicit NUL for string terminators
- Drop OPS\* in favour of opcodes.h
* Upstream
- Fix menu color calls to occur before positioning the cursor
- When guessing an attachment type, don't allow text/plain if there is a null character
- Add $imap_poll_timeout to allow mailbox polling to time out
- Handle error if REGCOMP in pager fails when resizing
- Change recvattach to allow nested encryption
- Fix attachment check_traditional and extract_keys operations
- Add edit-content-type helper and warning for decrypted attachments
- Add option to run command to query attachment mime type
- Add warning about using inline pgp with format=flowed
+ $ssl_verify_partial_chains permits verifying partial certificate chains.
This allows the storage of only intermediate/host certificates in the
$certificate_file. (OpenSSL 1.0.2b and newer only)
! SNI support added for OpenSSL and GnuTLS.
+ Choice and confirmation prompts can now wrap across multiple lines.
+ Window resizes are handled while in the line editor.
+ "color compose" can color the compose menu header fields and the
security status. See "Using Color and Mono Video Attributes" in the
manual for more details.
+ Setting $header_color_partial allows partial coloring of headers in the
pager. This can be used to color just the header labels, or strings
inside the headers. hdrdefault controls the color of the unmatched part.
+ When $history_remove_dups is set, duplicates in the history ring will
be scanned and removed each time a new entry is added.
! IMAP header downloading was improved to support out-of-order and
missing MSN entries.
! $message_cache_clean should be faster for large mailboxes.
+ Self-encryption can be enabled using the $pgp_self_encrypt,
$pgp_self_encrypt_as, $smime_self_encrypt, and $smime_self_encrypt_as
options.
! $postpone_encrypt now will use the $pgp_self_encrypt_as or
$smime_self_encrypt_as option values first. $postpone_encrypt_as will
be checked second, but should be considered deprecated.
+ $forward_attribution_intro and $forward_attribution_trailer can be used
to customize the message preceding and following a forwarded message.
+ The ~<() and ~>() pattern operators match messages whose immediate parent,
or immediate children respectively, match the subpattern inside ().
They are more specific versions of the ~() pattern operator.
+ $imap_poll_timeout allow IMAP mailbox polling to time out. This defaults
to 15 seconds.
+ The attachment menu now supports nested encryption. This allows
attachments in nested encrypted messages to be saved or operated on.
+ $mime_type_query_command specifies a command to run to determine
a new attachment's mime type. When $mime_type_query_first is set,
this command will be run before looking at the mime.types file.
Changelog v0.4.20:
+ Made the retention period for redirect duplicate identifiers
configurable. For accounts that perform many redirects, the lda-dupes
database could grow to impractical sizes. Changed the default
retention period from 24 to 12 hours.
- sieve-filter: Fixed memory leak: forgot to clean up script binary at
end of execution. Normally, this would merely be an inconsequential
memory leak. However, when the script comes from an LDAP storage, this
would cause io leak warnings.
- managesieve-login: Fixed handling of AUTHENTICATE command. A second
authenticate command would be parsed wrong. This problem was caused by
changes in the previous release.
- LDA Sieve plugin: Fixed minor memory leak caused by not cleaning up
the sieve_discard script.
msmtp provides MacOS X Keychain support by using the configuration
option `--with-macosx-keyring`. With this setting enabled passwords
for msmtp can be stored in the MacOS X keychain.
From Thomas Merkel in NetBSD/pkgsrc#14
There are various changes in this release that can be used to significantly reduce disk IO with:
1) NFS storage especially, but I guess also other remote filesystems and even some with local disks
2) When mail storage and INDEX storage are separated
* imapc: Info-level line is logged every time when successfully
connected to the remote server. This includes local/remote IP/port,
which can be useful for matching against external logs.
* config: Log a warning if plugin { key=no } is used explicitly.
v2.3 will support "no" properly in plugin settings, but for now
any value at all for a boolean plugin setting is treated as "yes",
even if it's written as explicit "no". This change will now warn
that it most likely won't work as intended.
+ Various optimizations to avoid accessing files/directories when it's
not necessary. Especially avoid accessing mail root directories when
INDEX directories point to a different filesystem.
+ mail_location can now include ITERINDEX parameter. This tells Dovecot
to perform mailbox listing from the INDEX path instead of from the
mail root path. It's mainly useful when the INDEX storage is on a
faster storage.
+ mail_location can now include VOLATILEDIR=<path> parameter. This
is used for creating lock files and in future potentially other
files that don't need to exist permanently. The path could point to
tmpfs for example. This is especially useful to avoid creating lock
files to NFS or other remote filesystems. For example:
mail_location=sdbox:~/sdbox:VOLATILEDIR=/tmp/volatile/%2.256Nu/%u
+ mail_location's LISTINDEX=<path> can now contain a full path.
This allows storing mailbox list index to a different storage
than the rest of the indexes, for example to tmpfs.
+ mail_location can now include NO-NOSELECT parameter. This
automatically deletes any \NoSelect mailboxes that have no children.
These mailboxes are sometimes confusing to users.
+ mail_location can now include BROKENCHAR=<char> parameter. This can
be useful with imapc to access mailbox names that aren't valid mUTF-7
charset from remote servers.
+ If mailbox_list_index_very_dirty_syncs=yes, the list index is no
longer refreshed against filesystem when listing mailboxes. This
allows the mailbox listing to be done entirely by only reading the
mailbox list index.
+ Added mailbox_list_index_include_inbox setting to control whether
INBOX's STATUS information should be cached in the mailbox list
index. The default is "no", but it may be useful to change it to
"yes", especially if LISTINDEX points to tmpfs.
+ userdb can return chdir=<path>, which override mail_home for the
chdir location. This can be useful to avoid accessing home directory
on login.
+ userdb can return postlogin=<socket> to specify per-user imap/pop3
postlogin socket path.
+ cassandra: Add support for result paging by adding page_size=<n>
parameter to the connect setting.
+ dsync/imapc, pop3-migration plugin: Strip also trailing tabs from
headers when matching mails. This helps with migrations from Zimbra.
+ imap_logout_format supports now %{appended} and %{autoexpunged}
+ virtual plugin: Optimize IDLE to use mailbox list index for finding
out when something has changed.
+ Added apparmor plugin. See https://wiki2.dovecot.org/Plugins/Apparmor
- virtual plugin: A lot of fixes. In many cases it was also working
very inefficiently or even incorrectly.
- imap: NOTIFY parameter parsing was incorrectly "fixed" in v2.2.31.
It was actually (mostly) working in previous versions, but broken
in v2.2.31.
- Modseq tracking didn't always work correctly. This could have caused
imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to
not work perfectly.
- mdbox: "Inconsistency in map index" wasn't fixed automatically
- dict-ldap: %variable values used in the LDAP filter weren't escaped.
- quota=count: quota_warning = -storage=.. was never executed (try 2).
v2.2.31 fixed it for -messages, but not for -storage.
- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent
FETCHes, but weren't.
- quota-status service didn't support recipient_delimiter
- acl: Don't access dovecot-acl-list files with acl_globals_only=yes
- mail_location: If INDEX dir is set, mailbox deletion deletes its
childrens' indexes. For example if "box" is deleted, "box/child"
index directory was deleted as well (but mails were preserved).
- director: v2.2.31 caused rapid reconnection loops to directors
that were down.
Changelog:
Fixed
Unwanted inline images shown in rogue SPAM messages
Fixed
Deleting message from the POP3 server not working when maildir storage was used
Fixed
Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later
Fixed
Inline images not scaled to fit when printing
Fixed
Selected text from another message sometimes included in a reply
Fixed
No authorisation prompt displayed when inserting image into email body although image URL requires authentication
Fixed
Large attachments taking a long time to open under some circumstances
Fixed
Various security fixes
This project uses a Perl-style Configure script that can use a
custom config.sh to provide default answers to questions that it
asks as part of the configuration process. Modify the custom
${FILESDIR}/config.sh to allow substituting for @PKGMANDIR@ in the
default location for unformatted manpages.
Upstream changes:
1.021 2017-08-02 19:35:56-04:00 America/New_York
- reject non-ASCII and control characters in strict mode (thanks, Pali
Roh獺r)
1.020 2017-07-25 12:39:31-04:00 America/New_York
- unbreak Email::MIME (which violates encapsulation (again))
- eliminate some @_ / $_ confusion
1.019 2017-07-06 16:06:19-04:00 America/New_York (TRIAL RELEASE)
- better parsing all around, thanks to Pali Roh獺r:
- support for RFC 2231 (character set and parameter continuations)
- support for RFC 2822 comments
- we only Carp if header-parsing fails now
- we're more lenient in dealing with spaces around tokens
ytnef, programs that use libytnef to parse and handle Microsoft TNEF
attachments.
These are the programs that come with the same distfile as libytnef
and are from the same author.
The changes in patch-ytnef.c has been applied upstream.
patch-ytnef.c has now been removed.
Changes from Changelog:
v1.9.2 - February 23, 2017
Thanks to @hannob for finding some Out-of-bound exceptions in memory handline.
* [SECURITY] An invalid memory access (heap overrun) in handling LONG datatypes (CVE-2017-6800)
* [SECURITY] Missing a check for fields of size 0 (CVE-2017-6801)
* [SECURITY] Potential buffer overrun on incoming Compressed RTF Streams (CVE-2017-6802)
This version & the previous 1.9.1 resolves the following CVEs:
* CVE-2017-6306
* CVE-2017-6305
* CVE-2017-6304
* CVE-2017-6303
* CVE-2017-6302
* CVE-2017-6301
* CVE-2017-6300
* CVE-2017-6299
* CVE-2017-6298
v1.9.1 - Feb 14, 2017
* BugFix for path handling- label both / and \ as invalid characters inattachments
* Remove lots of exit(-1)'s from the code that would crash calling programs
* [SECURITY] Thanks to EricSesterhennX41 for a patch to fix lots of invalid
memory allocation around corrupted files.
v1.9 - January 2, 2017
* Unify libytnef and ytnef tools into a single build & package (Thanks @jmallach)
* Fix applied for CVE-2010-5109
* Various fixes for errors found via Static Analysis (cppcheck)
* Various memory leaks plugged (Thanks @slonik-v-domene)
* Bugfix for a broken "uniqueness" checker
* Lots of formatting & documentation cleanups
Now that the two packages are unified into a single install & build, I've had
to choose a unifier of Version Numbers. I chose 1.9 .
Enigmail 1.9.8
Released 2017-06-30, works with Thunderbird 52.0 & newer and SeaMonkey 2.46 & newer.
Notable Changes
This is a bugfix release. In addition, some locales were updated.
Bugs fixed
This version fixes a bug which blocks the mail sending process.
Notmuch 0.25 (2017-07-25)
=========================
General
-------
Add regexp searching for mid, paths, and tags.
Skip HTML tags when indexing
In particular this avoids indexing large inline images.
Command Line Interface
----------------------
Bash completion is now installed to /usr/share by default.
Allow space as separator for keyword arguments.
Emacs
-----
Support for stashing message timestamp in show and tree views
Invoking `notmuch-show-stash-date` with a prefix argument
stashes the unix timestamp of the current message instead of
the date string.
Don't use 'function' as variable name, workaround emacs bug 26406.
Library Changes
---------------
Add workaround for date parsing of bad input in older GMime
In certain circumstances, older GMime libraries could return
negative numbers when parsing syntactically invalid dates.
Replace deprecated functions with status returning versions
API of notmuch_query_{search,count}_{messages,threads} has
changed. notmuch_query_add_tag_exclude now returns a status
value.
Add support for building against GMime 3.0.
Rename libutil.a to libnotmuch_util.a.
libnotmuch SONAME is incremented to libnotmuch.so.5.
The installed cyradm shell script contained the path to the shell
in the tools directory instead of the system /bin/sh. This
happened as part of the build process by the Perl MakeMaker system
used to build the Cyrus Perl modules. Make the replacement at
post-build time to change it back to /bin/sh.
This fix was mirrored from the identical fix to the cyrus-imapd24
module by jnemeth@pkgsrc.org.
Bump the PKGREVISION of the cyrus-imapd and cyrus-imapd23 packages
due to the change in the installed script.
- Apply the qbiff-utmpx patch to (probably) fix build on FreeBSD
- Enable "qmail-srs" by default
- Add "qmail-customerror", enabled by default
- Move TLS config steps from INSTALL to MESSAGE.tls
Set PKG_SYSCONFSUBDIR where appropriate, and use {MAKE,OWN}_DIRS to
create the directory tree under ${PKG_SYSCONFDIR} instead of using
INSTALLATION_DIRS.
Bump the PKGREVISION of packages that changed due to changes in the
package install scripts.
For all services where we set procname, prefix "nb". This makes it even
harder for observers to fail to notice that this isn't a Life with qmail
install, and happens to match the log tags already being applied.
Bump version.
from /service), the rc.d script can't tell which is ours. Make and use
a pidfile.
(The other rc.d scripts set argv[0] to names that are unlikely to
collide, but there's no easy way to do that for the qmail-send process
exec'd by qmail-start.)
Bump PKGREVISION.
install-destdir and instcheck about the .gz extensions. While here,
handle INSTALL and SENDMAIL docs on case-insensitive filesystems in a
more straightforward way. Bump PKGREVISION.
being terminated with bare LFs, getting tempfailed by some SMTP servers
(such as qmail!), and getting stuck in the local queue. Tweak the EAI
patch to terminate header lines with CRLF, as unpatched qmail-remote
would have done. Submitted upstream. Bump PKGREVISION.
during the build stage, so can't use a simple REPLACE_SH.
This is a build problem that likely is only detected when
PKG_DEVELOPER=YES so bump PKGREVISION anyways.
- Collapse redundant code for invoking service-specific rc.d scripts.
- Don't try to run a service's rc.d script if it isn't enabled in rc.conf.
- Run "pause" in reverse sequence, like "stop" does.
- Support "stat", "pause", and "cont" in qmailqread.
Bump version.
Upstream changes:
1.945 2017-07-25 14:17:32-04:00 America/New_York
- fix encode-check.t to pass under legacy Test::Builder
1.944 2017-07-25 12:38:41-04:00 America/New_York
- non-trial release of header_as_obj changes
- support for supplying a non-croak encode_check (thanks, Matthew
Horsfall)
1.943 2017-06-09 19:00:09-04:00 America/New_York (TRIAL RELEASE)
- add Email::MIME::Header::AddressList and related support code
1.942 2017-03-05 08:15:00-05:00 America/New_York (TRIAL RELEASE)
- This adds ->header_as_obj to get MIME headers out of the header not
as strings, but as objects. The field-to-header mapping can be
amended with the ->set_class_for_header method.
1.941 2017-03-04 19:12:11-05:00 America/New_York (TRIAL RELEASE)
- pointless mistake release
- Remove qmail-qfilter-*-queue shell scripts, which would conflict with
the C programs of the same name included in mail/qmail 1.03nb29 with
the "qmail-rejectutils" option (enabled by default).
- Bump mail/qmail dependency to 1.03nb29.
- Shorten and improve MESSAGE.
Remove unneeded options:
- Unconditionally apply netqmail (which includes a local patch; remove it)
- Unconditionally apply bigdns, maildiruniq, outgoingip, rcptcheck, remote
- Unconditionally apply the TLS + SMTP AUTH _patch_ (not the options)
- Record all applied patches (mandatory and optional) in QMAILPATCHES
- Remove badrcptto, qregex, realrcptto, viruscan (moved to rejectutils)
Simplify packaging:
- Extract a standalone patch <https://schmonz.com/qmail/rejectutils> to
repackage the mutually conflicting recipient- and content-checking
patches as separate programs, along with wrappers for running checks
in sequence
- Extract a standalone patch <https://schmonz.com/qmail/destdir> to
build to a staging area, as non-root, without hardcoded IDs
- Run the destdir patch's `install-destdir` to make or repair the queue
and set special file permissions, obviating the need for a dependency
on mail/queue-fix and handcrafted SPECIAL_PERMS
- While here, run `instcheck` to ensure we've installed just like `make
setup check` as root would have
- Install INSTALL and SENDMAIL docs under their original names,
even on Darwin
- Avoid building catpages, since we don't install them, and remove nroff
from USE_TOOLS
Default-enable more useful options:
- "eai" (new) permits UTF-8 almost everywhere in email
- "qmail-rejectutils" (new) adds several tools for selectively
rejecting messages
- "syncdir" forces synchronous link() and related syscalls
- "tls" and "sasl", instead of causing patch conflicts, cause the TLS
and SMTP AUTH code to be included (!)
2017-07-14 Richard Russon <rich@flatcap.org>
* Translations
- Update German translation
* Docs
- compile-time output: use two lists
- doxygen: add config file
- doxygen: tidy existing comments
* Build
- fix hcachever.sh script
* Upstream
- Fix crash when $postponed is on another server.
2017-07-07 Richard Russon <rich@flatcap.org>
* Features
- Support Gmail's X-GM-RAW server-side search
- Include pattern for broken threads
- Allow sourcing of multiple files
* Contrib
- vombatidae colorscheme
- zenburn colorscheme
- black 256 solarized colorscheme
- neonwolf colorscheme
- Mutt logos
* Bug Fixes
- flags: update the hdr message last
- gpgme S/MIME non-detached signature handling
- menu: the thread tree color
- Uses CurrentFolder to populate LastDir with IMAP
- stabilise sidebar sort order
- colour emails with a '+' in them
- the padding expando '%>'
- Do not set old flag if mark_old is false
- maildir creation
- Decode CRLF line endings to LF when copying headers
- score address pattern do not match personal name
- open attachments in read-only mode
- Add Cc, In-Reply-To, and References to default mailto_allow
- Improve search for mime.types
* Translations
- Update Chinese (Simplified) translation
* Coverity defects
- dodgy buffers
- leaks in lua get/set options
- some resource leaks
* Docs
- update credits
- limitations of new-mail %f expando
- escape <>'s in nested conditions
- add code of conduct
- fix ifdef examples
- update mailmap
- Update modify-labels-then-hide
- fix mailmap
- drop UPDATING files
* Website
- Changes pages (diff)
- Update Arch distro page
- Update NixOS distro page
- Add new Exherbo distro page
- Update translation hi-score table
- Update code of conduct
- Update Newbies page
- Add page about Rebuilding the Documentation
- Add page of hard problems
* Build
- remove unnecessary steps
- drop instdoc script
- move smime_keys into contrib
- fixes for Solaris
- don't delete non-existent files
- remove another reference to devel-notes.txt
- Handle native Solaris GSSAPI.
- drop configure options --enable-exact-address
- drop configure option --with-exec-shell
- drop configure option --enable-nfs-fix
- drop configure option --disable-warnings
- Completely remove dotlock
- More sophisticated check for BDB version + support for DB6 (non default)
* Tidy
- drop VirtIncoming
- split mutt_parse_mailboxes into mutt_parse_unmailboxes
- tidy some buffy code
- tidy the version strings
* Upstream
- Add ~<() and ~>() immediate parent/children patterns
- Add L10N comments to the GNUTLS certificate prompt
- Add more description for the %S and %Z $index_format characters
- Add config vars for forwarded message attribution intro/trailer
- Block SIGWINCH during connect()
- Improve the L10N comment about Sign as
- Auto-pad translation for the GPGME key selection "verify key" headers
- Enable all header fields in the compose menu to be translated
- Force hard redraw after $sendmail instead of calling mutt_endwin
- Make GPGME key selection behavior the same as classic-PGP
- Rename 'sign as' to 'Sign as'; makes compose menu more consistent
- Change the compose menu fields to be dynamically padded
Moll in NetBSD/pkgsrc#4. From the DESCR:
mailsend is a simple command line program to send mail via SMTP protocol.
The program does not use any config file and everything needed to compose
mails (and attachments) is driven via command line parameters.
- bugfix: if password_command parameter was used with a non-existent program,
getmail would error out during the handling of that condition and not report
the problem correctly.
- new release numbering scheme; previous version numbers were just getting
too high.
- catch and ignore/exit cleanly after reset connection in IMAP IDLE mode.
Thanks: Stephan Schulz.
- allow specifying an expected SSL certificate hostname, for when the
server's certificate does not match the domain name used to connect to
it. Thanks: "Andre".
- fix error message not actually giving the header field name incorrectly
specified as containing the envelope recipient address. Thanks: Hardy
Braunsdorf.
- add new password_command configuration parameter for retrievers, allowing
getmail to retrieve the account password from any arbitrary external
command. Suggestion: "ng0".
Upstream changes:
2017-04-14: Marc Bradshaw <marc@marcbradshaw.net>
* commit aac893fdbaa7f8ccd5d37fa7f20d1785406cda51
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:53:53 2017 +1100
Avoid use of $_ in read loop
RT 106485: Mail::DKIM::PrivateKey->load tampering $_ and <FILE>
* commit 06934f259e392b2a3cf94560e6051d9e522d0bf3
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:44:44 2017 +1100
Ensure PrivateKey file is closed properly.
Store PrivateKey file handle in lexical variable and close it
once we are done.
RT 120638: Mail::DKIM::PrivateKey does not close FILE
* commit 9e7c1c4cb78a6cb1cf396ece4379c7ed2c44c974
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Feb 27 12:08:11 2015 +1100
Allow greater control over signed headers
* commit 8291c034dc7db4394e9df80e70b8cbe8428a38c2
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Jan 23 09:54:02 2015 +1100
Allow greater control over which headers are signed by Signer
NEWS:
Changes of Sylpheed
* 3.6.0 (stable)
* The Japanese manual was updated.
* 3.6.0beta1 (development)
* The feature to use multiple signatures in one account was added.
* The edit group dialog of the address book was improved to allow
multilple selection and display its available list with folder tree.
* The menu 'Tools - Open configuration/attachments folder' was added.
* Printing settings and page setup are now saved.
* The Japanese manual was updated.
* IMAP: SUBSCRIBE command is explicitly issued for a newly created folder
by CREATE.
* Unix: the search location of SSL certificates for OpenBSD was added
(#222).
* Win32: a notice about not removing user data in the installer was
modified.
Changelog:
52.2.1
Fixed Problems with Gmail (folders not showing, repeated email download, etc.) introduced in version 52.2.0.
52.2.0
Fixed Embedded images not shown in email received from Hotmail/Outlook webmailer
Fixed Detection of non-ASCII font names in font selector
Fixed Attachment not forwarded correctly under certain circumstances
Fixed Multiple requests for master password when GMail OAuth2 is enabled
Fixed Large number of blank pages being printed under certain circumstances when invalid preferences were present
Fixed Messages sent via the Simple MAPI interface are forced to HTML
Fixed Calendar: Invitations can't be printed
Fixed Mailing list (group) not accessible from macOS or Outlook address book
Fixed Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
Fixed Various security fixes
#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2
52.1.1
Fixed Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
Fixed Unable to load full message via POP if message was downloaded partially (or only headers) before
Fixed Some attachments can't be opened or saved if the message body is empty
Fixed Crash when compacting IMAP folder
* This release adjusts Pigeonhole to several changes in the Dovecot API,
making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole
will produce compile warnings with the recent Dovecot releases (but
still work ok).
- Fixed bug in handling of implicit keep in some cases. Implicit
side-effects, such as assigned flags, were not always applied
correctly. This is in essence a very old bug, but it was exposed by
recent changes.
- include extension: Fixed segfault that (sometimes) occurred when the
global script location was left unconfigured.
* LMTP: Removed "(Dovecot)" from added Received headers. Some
installations want to hide it, and there's not really any good reason
for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace from
headers when matching mails. This helps with migrations from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox dovecot-acl files.
+ Parse invalid message addresses better. This mainly affects the
generated IMAP ENVELOPE replies.
- v2.2.30 wasn't fixing corrupted dovecot.index.cache files properly.
It could have deleted wrong mail's cache or assert-crashed.
- v2.2.30 mail-crypt-acl plugin was assert-crashing
- v2.2.30 welcome plugin wasn't working
- Various fixes to handling mailbox listing. Especially related to
handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
- Global ACL file was parsed as if it was local ACL file. This caused
some of the ACL rule interactions to not work exactly as intended.
- auth: forward_* fields didn't work properly: Only the first forward
field was working, and only if the first passdb lookup succeeded.
- Using mail_sort_max_read_count sometimes caused "Broken sort-*
indexes, resetting" errors.
- Using mail_sort_max_read_count may have caused very high CPU usage.
- Message address parsing could have crashed on invalid input.
- imapc_features=fetch-headers wasn't always working correctly and
caused the full header to be fetched.
- imapc: Various bugfixes related to connection failure handling.
- quota=imapc sent unnecessary FETCH RFC822.SIZE to server when
expunging mails.
- quota=count: quota_warning = -storage=.. was never executed
- quota=count: Add support for "ns" parameter
- dsync: Fix incremental syncing for mails that don't have Date or
Message-ID headers.
- imap: Fix hang when client sends pipelined SEARCH +
EXPUNGE/CLOSE/LOGOUT.
- oauth2: Token validation didn't accept empty server responses.
- imap: NOTIFY command has been almost completely broken since the
beginning. I guess nobody has been trying to use it.
1.6.1: 14 Jun 2017
* [Fix] Allow to init resolver without rspamd_config
* [Fix] Do not crash when resolver failed to initialize
* [Fix] Fix abstract context layout
* [Fix] Fix CGP helper reply parsing
* [Fix] Fix crashes when socket write errors occur
* [Fix] Fix parsing IPv6 nameservers in resolv.conf
* [Fix] Milter: Don't defer on "greylist" action
1.6.0: 12 Jun 2017
* [Conf] Add rspamd_proxy to the default configuration set
* [Conf] Add sample arc module config
* [Conf] Do away with systemd specifics completely
* [Conf] Increase min_bytes to avoid FP
* [Conf] Remove ratelimits from default configuration
* [CritFix] Fix accepting on IPv6 sockets
* [CritFix] Fix corruption when multiple fuzzy are defined
* [CritFix] Fix learn condition in fuzzy check
* [CritFix] Fix memory leak in fuzzy check
* [CritFix] Fix memory leak in maps scheduling
* [CritFix] Paese the last character in DKIM signature correctly
* [CritFix] Zero fill sockaddr_un
* [Feature] Add ability to add doc strings by example
* [Feature] Add API to verify DKIM (and ARC) signatures
* [Feature] Add compression/decompression to proxy
* [Feature] Add count to url structure
* [Feature] Add initial support of the new protocol reply
* [Feature] Add Lua plugin spamtrap
* [Feature] Add `monitored_address` for rbls
* [Feature] Add new schema for bayes tokens
* [Feature] Add preliminary ARC support to dkim code
* [Feature] Add preliminary support of ARC signing
* [Feature] Add rules to detect bad 8bit characters in From and To
* [Feature] Add scanning support for milter protocol
* [Feature] Add support for bidirectional symbols in rspamd_stats
* [Feature] Add support for static maps
* [Feature] Add support of maps with multiple regexps matches
* [Feature] Add `text_multiplier` param
* [Feature] Add the preliminary ARC plugin
* [Feature] Add top redirector targets rank
* [Feature] Allow async events to be registered from LUA rules
* [Feature] Allow storing bayes tokens in Redis
* [Feature] Allow to exclude specific domains from mx check
* [Feature] Allow to have a stack of watcher finalisers
* [Feature] Allow to pass hostname to `-i` flag in Rspamc
* [Feature] Allow to set custom user agent in url redirector
* [Feature] Allow to use custom callback when parsing resolv.conf
* [Feature] Allow to use domain from authenticated user
* [Feature] Bayes expiry plugin
* [Feature] Check dkim sign keys for modifications
* [Feature] DKIM signing: sign_networks/local address specific use_domain settings
* [Feature] DMARC: Support excluding domains from sampling
* [Feature] Expire processing items for URL redirector aggressively
* [Feature] Fix surbl monitored for IP lists, add `monitored_domain` option
* [Feature] Implement caching for dkim body hashes
* [Feature] Implement milter protocol scan reply
* [Feature] Improve omograph phishing detection
* [Feature] Initial support of self-scan in Rspamd proxy
* [Feature] Keep track of headers in milter interface
* [Feature] Milter headers: better controls for local/authenticated
* [Feature] Multimap: email:domain:tld filter
* [Feature] Preliminary DMARC reporting implementation
* [Feature] Reuse stemmers in the cache
* [Feature] Rework confighelp to load Lua plugins
* [Feature] Rework hfilter to use hyperscan if possible
* [Feature] Rework lua RSA API
* [Feature] Rmilter_headers: approximate rmilter's extended_spam_headers
* [Feature] Start integration of milter support in proxy
* [Feature] Store average words length and short words count
* [Feature] Store hash of headers order and names
* [Feature] Support MTA name header
* [Feature] Support multiple types of dkim signing in Lua
* [Feature] Support numeric arguments for Redis requests
* [Feature] Use headers hash in bayes metatokens
* [Feature] Use normal resolv.conf rules of rotation in Rspamd
* [Feature] Use version 2 proto for checking messages
* [Fix] Allow to follow symlinks when safe
* [Fix] Append MX name for authentication results as required
* [Fix] Change default text multiplier from 0.5 to 2.0
* [Fix] Check min_bytes for images as well
* [Fix] Deal with 7bit charsets properly
* [Fix] Deal with 8bit characters in email addresses
* [Fix] Deal with unpaired <a> tags
* [Fix] Detect confighelp in plugins initialisation
* [Fix] Disable certain checks for utf spoof detection
* [Fix] DKIM Signing: avoid nil index when From header is missing
* [Fix] Do not add exact hashes from different parts
* [Fix] Do not check DMARC if SPF or DKIM were not checked
* [Fix] Do not check URLs that are resolved to be redirected
* [Fix] Do not set bayes probability if we don't use it
* [Fix] Do not stop on illegal unicode points - replace them
* [Fix] Fix another race condition in arc checks
* [Fix] Fix arc count logic
* [Fix] Fix ARC signing
* [Fix] Fix brain-damaged spamc protocol for now
* [Fix] Fix calling for peak functions
* [Fix] Fix couple of issues in FORWARDED rule
* [Fix] Fix CTE propagation from parent containers to children parts
* [Fix] Fix errors processing in the controller
* [Fix] Fix format string in milter
* [Fix] Fix issues in SPF macros parsing
* [Fix] Fix logging format string
* [Fix] Fix logic of cached passwords check
* [Fix] Fix lowercasing of stemmed words
* [Fix] Fix LRU elements removal
* [Fix] Fix memory leak when accepting from unix sockets
* [Fix] Fix milter connections persistence
* [Fix] Fix objects merging in UCL
* [Fix] Fix order of operations to avoid race condition
* [Fix] Fix parsing of long regexp types
* [Fix] Fix passing data to log helper when many symbols defined
* [Fix] Fix pools management for milter session
* [Fix] Fix processing of the watchers
* [Fix] Fix queue id macro in milter
* [Fix] Fix R_BAD_CTE_7BIT rule
* [Fix] Fix Redis timeout set
* [Fix] Fix REPLYTO_UNPARSEABLE rule
* [Fix] Fix setting of email address
* [Fix] Fix some more issues about duplicated fuzzy requests
* [Fix] Fix spamc support in rspamd proxy
* [Fix] Fix syntax error in spamtrap plugin
* [Fix] Fix url counts for href urls
* [Fix] Fix url handling in the protocol
* [Fix] Multimap: Received IP filters with Redis
* [Fix] Oops, fix d9d0fa5e86db2f4470d34395a233b450478b2f60
* [Fix] Parse rgb[a](x,x,x[,x]) css colors
* [Fix] Phishing: strict_domains
* [Fix] Reduce maps aggressiveness
* [Fix] Reresolve upstreams even if there is a single server there
* [Fix] Rspamadm grep: Disable Lua patterns in string search by default
* [Fix] Skip text parts when checking binary parts in fuzzy check
* [Fix] Support v2 checks in controller
* [Fix] Treat empty address as valid
* [Fix] Try harder to detect CTE
* [Fix] Try to deal with v4 mapped to v6 addresses on accept
* [Fix] Use dkim signing callback properly
* [Fix] Use non-volatile memory for storing data
* [Fix] Use static maps instead of ugly hack for radix_from_config
* [Fix] Use the same pool for related sessions
* [Rework] Continue modularisation for lua library
* [Rework] Initial milter protocol support
* [Rework] Make log pipes worker agnostic, add scanners API
* [Rework] Move authentication results generation to a separate routine
* [Rework] Move common DKIM functions to a separate lua module
* [Rework] Move global functions to a separate directory
* [Rework] Prepare dkim module for ARC checks
* [Rework] Propagate ucl variables from the command line
* [Rework] Remove multiple metrics support from Rspamd
* [Rework] Stop using name 'rmilter' for the modern protocol
* [Rework] Use LFU algorithm in LRU cache
* [Rules] Fix received TLS rules
* [Rules] Improve URL_COUNT_ODD rule
* [WebUI] Fix add header filter in history
* [WebUI] Use modern protocol for checking messages
1.5.9:
* [Conf] Increase min_bytes to avoid FP
* [Conf] Remove ratelimits from default configuration
* [CritFix] Fix accepting on IPv6 sockets
* [CritFix] Zero fill sockaddr_un
* [Feature] Add `text_multiplier` param
* [Fix] Check min_bytes for images as well
* [Fix] Do not add exact hashes from different parts
* [Fix] Fix memory leak when accepting from unix sockets
* [Fix] Fix some more issues about duplicated fuzzy requests
* [Fix] Phishing: strict_domains
* [Fix] Skip text parts when checking binary parts in fuzzy check
* [Minor] Add the same duplicates protection for all fuzzy hashes types
* [Minor] Fix braces
* [Minor] Fix test
* [Minor] SPOOF_DISPLAY_NAME: Use all SMTP/MIME recipients
* [Minor] Validate assumed spoofed display name domains to contain a dot
1.5.8:
* [CritFix] Fix memory leak in fuzzy check
* [CritFix] Fix memory leak in maps scheduling
* [Feature] Multimap: email:domain:tld filter
* [Fix] DKIM Signing: avoid nil index when From header is missing
* [Fix] Do not set bayes probability if we don't use it
* [Fix] Do not stop on illegal unicode points - replace them
* [Fix] Fix brain-damaged spamc protocol for now
* [Fix] Fix Redis timeout set
* [Fix] Fix spamc support in rspamd proxy
* [Fix] Multimap: Received IP filters with Redis
* [Fix] Parse rgb[a](x,x,x[,x]) css colors
* [Fix] Reresolve upstreams even if there is a single server there
* [Fix] Treat empty address as valid
* [Fix] Try harder to detect CTE
* [Fix] Try to deal with v4 mapped to v6 addresses on accept
* [Minor] Add `wsf` and `hta` bad archive extensions
* [Minor] Fix configuration option
* [Minor] Fix result parsing for SAVAPI
* [Minor] Further logging improvements
* [Minor] Improve logging of errors
* [Minor] Prevent MID_CONTAINS_FROM from firing on empty address
* [Minor] Reduce digit->number transmission penalty
* [Minor] Relax CTYPE_MISSING_DISPOSITION rule
1.5.7:
* [CritFix] Fix corruption when multiple fuzzy are defined
* [CritFix] Fix learn condition in fuzzy check
* [Feature] Add rules to detect bad 8bit characters in From and To
* [Feature] DKIM signing: sign_networks/local address specific use_domain settings
* [Feature] Support numeric arguments for Redis requests
* [Fix] Deal with 8bit characters in email addresses
* [Fix] Fix couple of issues in FORWARDED rule
* [Fix] Fix passing data to log helper when many symbols defined
* [Fix] Fix R_BAD_CTE_7BIT rule
* [Fix] Fix REPLYTO_UNPARSEABLE rule
* [Fix] Fix setting of email address
* [Fix] Rspamadm grep: Disable Lua patterns in string search by default
* [Minor] Add Lua 5.3 workaround
* [Minor] Add lua methods to detect if a part has 8bit characters
* [Minor] Allow session-less lua dns requests
* [Minor] Allow to append greylist end time to message reported
* [Minor] Avoid `nil` table
* [Minor] Disable dkim_signing if redis is specified but not configured
* [Minor] Fix build with pcre2
* [Minor] Fix rule
* [Minor] Fix warnings
* [Minor] Format floating point number
* [Minor] Push email flags to the lua API
* [Minor] Silence some warnings
* [Minor] Silence warning
* [Minor] Try all hostname regexps to find the most significant one
* [WebUI] Fix add header filter in history
Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.
- compose_send hook now has $draft flag in hook arguments
- Fixed insufficient sendmail command argument escaping (thanks
to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
Cavallarin for bringing this to our attention). [CVE-2017-7692]
- Upgraded preferences for the delete_move_next plugin. Automatic
user preference updates are included, but note that if your
installation is new, or all user prefs have been converted from
"on"/"off" to 0/1 then you can add the following to SquirrelMail's
config/config_local.php to avoid convertign legacy values over and over:
$do_not_convert_delete_move_next_legacy_preferences = TRUE;
- Added ability to control the display of the "Check Spelling"
button provided by the squirrelspell plugin, which allows
administrators to offer this plugin but keep it out of the way
for users who do not want it. Put sqspell_show_button=0 in
default preferences if it should be hidden by default
pkgsrc change: Add support for NetBSD 8.
This announcement (June 13, 2017) includes changes that were released
with an earlier update (June 10, 2017). The announcement was postponed
to avoid confusion due to repeated notification.
Fixed in all supported releases:
* Security: Berkeley DB versions 2 and later try to read settings
from a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting in
privilege escalation with Postfix set-gid programs (postdrop,
postqueue) before they chdir to the Postfix queue directory,
and with the postmap and postalias commands depending on whether
the user's current directory is writable by other users. This
fix does not change Postfix behavior for Berkeley DB versions
< 3, but it does reduce postmap and postalias 'create' performance
with Berkeley DB versions 3.0 .. 4.6.
Fixed in Postfix 3.2 and later:
* The SMTP server receive_override_options were not restored at
the end of an SMTP session, after the options were modified by
an smtpd_milter_maps setting of "DISABLE". Milter support
remained disabled for the life time of the smtpd process.
* After the Postfix 3.2 address/domain table lookup overhaul, the
check_sender_access and check_recipient_access features ignored
a non-default parent_domain_matches_subdomains setting.
to 180000000 bytes. From Nathan Arthur in private mail.
Allow path to tcpserver to be overridden in rc.conf (e.g., by
sslserver from net/ucspi-ssl). From Thomas Lazar in private mail.
Detach processes and their loggers from the controlling terminal
with pgrphack(8).
Include qmailqread in the services driven by the LWQ-style qmail
rc.d script.
Unconditionally depend on mail/mess822, now that it's correctly
marked public-domain. Remove qmail-run-ofmipd option.
Bump version.
Notmuch 0.24.2 (2017-06-01)
===========================
Command Line Interface
----------------------
Fix output from `notmuch dump --include=properties` to not include tags.
Emacs
-----
Fix filename stashing in tree view.
2017-06-09 Richard Russon <rich@flatcap.org>
* Contrib
- unbind mappings before overwriting in vim-keys
* Bug Fixes
- latest coverity issues (#624)
- don't pass colour-codes to filters
- Don't set a colour unless it's been defined.
- crash if no from is set or founds
- ifdef command
* Translations
- fix translations
- fix some remaining translation problems
* Docs
- explain binding warnings
- don't document unsupported arches
* Build
- fix make git_ver.h
- allow xsltproc and w3m calls to fail
- fix make dist
* Upstream
- Add a mutt_endwin() before invoking $sendmail
- Restore setenv function
- Fix tag-prefix to not abort on $timeout
- Change km_dokey() to return -2 on a timeout/sigwinch
- Enable TEXTDOMAINDIR override to make translation testing easier
- Fix "format string is not a string literal" warnings
2017-06-02 Richard Russon <rich@flatcap.org>
* Features
- Warn on bindkey aliasing
- Drop PATCHES, tidy 'mutt -v' output
- Add %z format strings to index_format
- Add debug_level/debug_file options
* Bug Fixes
- Fix nntp group selection
- Fix status color
- Tidy up S/MIME contrib
- Do not try to create Maildir if it is an NNTP URI
- Fix missing NONULL for mutt.set() in Lua
* Translations
- Fix German PGP shortkeys
* Docs
- Remove feature muttrc files
- Merge README.notmuch into manual
- Remove unneded scripts
- Remove README.SECURITY
- Remove BEWARE and devel-notes.txt
- Update Makefiles
- Delete TODO files
- Remove legacy files
- Don't generate vim-neomutt syntax file
- Remove LaTeX/pdf manual generation
- Add missing docs for expandos
- Fix sidebar howto examples
- Remove some upstream references
- Drop refs to patches
- Improve PR template and CONTRIBUTING.md
* Website
- Fix list items in newbie-tutorial's Mailing List Guidelines
- Remove configure options that no longer exist
- fix newbie tutorial
- document signing tags / releases
- config: drop unused paginate command
- script: split tests up into several
- convert credits page to markdown
- simpify 404 page
- improve newbie tutorial
- remove help.html and integrate its content elsewhere
- make: "graphviz" program is needed for generating diagram
- improve getting started guide // include legacy files
- dev: add list of architectures/operating systems
- numerous small fixes
* Build
- Remove typedefs and rename ~130 structs
- Add separate hcache dir
- Move crypto files to ncrypt dir
- Split up mutt.h, protos.h
- Always build: sidebar, imap, pop, smtp, compressed, nntp
- Remove --enable-mailtool configure option
- Make dotlock optional
- Change gpgme requirement back to 1.1.0
- Remove check_sec.sh
- Fix safe_calloc args
- Remove unused macros
- Remove unused option: SmimeSignOpaqueCommand
- Move configure-generated files
- Update distcheck build flags
- Drop obsolete iconv check
- Unused prototypes - unsupported systems
- Drop many configure tests for things defined in POSIX:2001
- Kill useless crypthash.h file
- Run clang-format on the code
- Fail early if ncursesw cannot be found
- Add names prototype arguments
- Abbreviate pointer tests against NULL
- Initialise pointers to NULL
- Reduce the scope of for loop variables
- Coverity: fix defects
* Upstream
- Convert all exec calls to use mutt_envlist(), remove setenv function
- Note that mbox-hooks are dependent on $move
- Refresh header color when updating label
- Remove glibc-specific execvpe() call in sendlib.c
- Add color commands for the compose menu headers and security status
- Fix sidebar count updates when closing mailbox
- Don't modify LastFolder/CurrentFolder upon aborting a change folder operation
- Change message modifying operations to additively set redraw flags
- Improve maildir and mh to report flag changes in mx_check_mailbox()
- Add $header_color_partial to allow partial coloring of headers
- Rename REDRAW_SIGWINCH to REDRAW_FLOW
- Create R_PAGER_FLOW config variable flag
- Turn IMAP_EXPUNGE_EXPECTED back off when syncing
- Add $history_remove_dups option to remove dups from history ring
- Also remove duplicates from the history file
- Don't filter new entries when compacting history save file
- Move the IMAP msn field to IMAP_HEADER_DATA
- Fix imap expunge to match msn and fix index
- Fix cmd_parse_fetch() to match against MSN
- Start fixing imap_read_headers() to account for MSN gaps
- Add msn_index and max_msn to find and check boundaries by MSN
- Properly adjust fetch ranges when handling new mail
- Small imap fetch fixes
- Don't abort header cache evaluation when there is a hole
- Fix mfc overflow check and uninitialized variable
- Fix potential segv if mx_open_mailbox is passed an empty string
- Don't clean up idata when closing an open-append mailbox
- Don't clean up msn idata when closing an open-append mailbox
- Fix memory leak when closing mailbox and using the sidebar
- Change imap body cache cleanup to use the uid_hash
- Convert classic s/mime to space delimit findKeys output
- Add self-encrypt options for PGP and S/MIME
- Change $postpone_encrypt to use self-encrypt variables first
- Automatic post-release commit for mutt-1.8.3
- Add note about message scoring and thread patterns
== Version 2.5.5 - 2017-06-09 Jeremy Daer <jeremydaer@gmail.com>
Security:
* #1097 – SMTP security: prevent command injection via To/From
addresses. (jeremy)
Bugs:
* #633 – Cope with message parts that have an empty Content-Type
(ThomasKoppensteiner, zeepeeare)
* #689 - Fix Exim delivery method broken by #477 in 2.5.4. (jethrogb)
== Version 2.6.5 - 2017-04-26 Jeremy Daer <jeremydaer@gmail.com>
Features:
* #1053 - Ruby 2.4.0 compatibility. Fixnum+Bignum unified as Integer. (peterkovacs)
Bugs:
* #605 - Fix Mail::Address#name for nil addresses (peterkovacs)
* #1003 - Fix decoding some b encoded headers on specific rubies that don't account for lack of base64 padding (kjg)
* #1023 - Fix double-quoting in display names. (garethrees)
This hash_lookup() is internal function of imap but conflict with other
package (converters/php-recode) and cause php binary to crash.
Bump PKGREVISION.
* auth: Use timing safe comparisons for everything related to
passwords. It's unlikely that these could have been used for
practical attacks, especially because Dovecot delays and flushes all
failed authentications in 2 second intervals. Also it could have
worked only when passwords were stored in plaintext in the passdb.
* master process sends SIGQUIT to all running children at shutdown,
which instructs them to close all the socket listeners immediately.
This way restarting Dovecot should no longer fail due to some
processes keeping the listeners open for a long time.
+ auth: Add passdb { mechanisms=none } to match separate passdb lookup
+ auth: Add passdb { username_filter } to use passdb only if user
matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
+ dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
the transaction after saving this many new messages. Because of the
way dsync works, it may not always be possible if mails are copied
or UIDs need to change.
+ imapc: Support imapc_features=search without ESEARCH extension.
+ imapc: Add imapc_features=fetch-bodystructure to pass through remote
server's FETCH BODY and BODYSTRUCTURE.
+ imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
remote server.
+ passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
+ If dovecot.index.cache corruption is detected, reset only the one
corrupted mail instead of the whole file.
+ doveadm mailbox status: Add "firstsaved" field.
+ director_flush_socket: Add old host's up/down and vhost count as parameters
- More fixes to automatically fix corruption in dovecot.list.index
- dsync-server: Fix support for dsync_features=empty-header-workaround
- imapc: Various bugfixes, including infinite loops on some errors
- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
enabled modseq tracking via CONDSTORE/QRESYNC.
- fts-lucene: Fix it to work again with mbox format
- Some internal error messages may have contained garbage in v2.2.29
- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
are used. Otherwise the copied mails can't be opened.
- vpopmail: Fix compiling
1.3.159
Stop using /usr/share/mk Makefiles on BSD systems in order to allow
building on FreeBSD 11.
Add ./configure --with-install-cmd=X --enable-pkg-make to facilitate
as FreeBSD port without patches.
Use /proc/uptime to compute boottime on Linux.
Ignore host names defined as 0.0.0.0.
Don't let the Received: header parsing for the sender IP address in
dccifd and dccproc be fooled by HELO values like "[127.0.0.1]"
Change URLs to use https
From Petar Bogdanovic (OWNER).
1.10.1 2017-05-21 06:48 UTC
Changelog:
* Fix Bug 21206: explodeQuotedString() does not handle quoted strings
correctly [dfukagaw28]
* Fix Bug 21205: Invalid encoding of headers with quoted multibyte strings in
non-unicode charset [dfukagaw28]
* Fix Bug 21098: Discrepancy in handling of empty (but set) plain text part
[alec]
pkgsrc change:
* set LICENSE to modified-bsd.
* standarlized order in Makefile.
1.4.1 2017-04-11 13:33 UTC
Changelog:
* Loosen recognition of "queued as" server response (PR #10)
* Bug #20463: domain-literal parsing error
* Bug #20513: Mail_smtp::send() doesn't close socket for smtp connection
1.4.0 2017-04-07 13:09 UTC
Changelog:
Clarified licensing to "New BSD" (3-Clause BSD)
* Bug #21082: Inconsistent licensing
ezmlm-idx-7.2.2, 2014-05-14
===========================
- Added replytolist feature to ezmlm-send. When enabled, strips incoming
Reply-To: header and adds its own. Also alters the behavior of
rewritefrom.
- Fixed off-by-one typo in ezmlm-weed causing an "out of memory" error.
ezmlm-idx-7.2.1, 2014-05-09
===========================
- Fixed header address extraction in the presence of double quotes.
- Fixed rewritefrom feature to run if the list is not indexed.
ezmlm-idx-7.2.0, 2014-05-02
===========================
- Added <#C#>, <#T#>, and <#X#> substitutions for (un)subscribe
confirmation emails, replaced with the hash code, time stamp, and
action respectively.
- Added option to ezmlm-[un]sub to use a tag other than "manual" in Log.
- Added option to ezmlm-manage to show what response is being sent.
- Added optional rewritefrom feature to ezmlm-send, automatically
enabled when the sender has a "reject" DMARC policy.
- Fixed behavior of ezmlm-manage -Q flag to match man page.
- Fixed ezmlm-import failing to flush output to the last message,
and enhanced it to allow reading the mbox from stdin.
Thanks to Tullio Andreatta.
- Fixed ezmlm-manage notifying target of an unsubscribe by a remote
administrator when the -N option is in use.
Thanks to Nebojsa Milovanovic.
- Fixed ezmlm-archive corrupting output index files.
- Internal rewrite of SQL modules to merge all common code.
ezmlm-idx-7.1.1, 2010-11-18
===========================
- Fixed bug in getln2 function that prevented error handling.
- Fixed bug in ezmlm-cron that prevented parsing of spaces.
- Fixed unclosed file descriptor on error path in ezmlm-cgi.
ezmlm-idx-7.1.0, 2010-11-03
===========================
- Added support for SQLite3 subscriber databases.
Thanks to Mike Tedder.
- Added support for wildcard addresses in all address databases.
- Added support for qmqpservers to all ezmlm-idx programs.
- Added support for decoding sender addresses mangled with a BATV "btv1" tag.
- Added support for custom subject lines to ezmlm-get (for digests).
- Added a new "omitbottom" control file, equivalent to the -B option for
both ezmlm-get and ezmlm-manage.
- Modified the (un)subscribe procedure to not require confirmation
before telling the sender they were already on (or off) the list.
- Renamed to "setup" makefile target to the more standard "install".
- Modified ezmlm-split to exit silently if there is not "split" file,
and added it back into the "manager" file to properly handle subscribe
and unsubscribe requests destined for sublists.
- Made the ezmlm-reject -h (obey headerreject) option the default.
- Fixed ezmlm-send to obey the "addtrailer" setting instead of looking
for a "text/trailer" file.
- Fixed handling of adding the trailer on old lists.
- Fixed adding the trailer to posts encoded with base64.
- Fixed handling Received: headers with the date stamp on a separate line.
- Fixed bug in command-line option processing which caused sender-
confirmed posting to fail.
- Fixed handling BATV sender addresses with upper-case hex tags.
Thanks to Kyle Wheeler for pointing this out.
- Adjusted filename in digest attachments to fix problem with Outlook.
Thanks to Glen Stewart
ezmlm-idx-7.0.2, 2009-08-09
===========================
- Fixed selection of [un]subscribe subject line for moderated
subscriptions.
- Clarified ezmlm-reject man page to note that Precedence: bulk is also
rejected.
- Added a proper charset for ch_GB (Chinese GuoBiao), and added an
explicit charset for the other languages that were missing them.
- Switched all ISO-8859-1 charsets to the more modern ISO-8859-15.
- Many small text updates and tweaks.
ezmlm-idx-7.0.1, 2009-07-09
===========================
- Added support for decoding sender addresses mangled by BATV prvs.
- Added missing ezmlm-checksub to the installed programs.
- Improved the TXT_BY message used in digests to work better with
non-English languages.
- Fixed out-of-memory resulting in a permanent error.
- Fixed a buffer underflow bug in concatHDR.
- Fixed a bug in ezmlm-issubn.c that was causing it to scan the main
list when it shouldn't.
- Fixed missing defaults in ezmlm-tstdig when digsize, digcount, or
digtime were not created.
- Clarified the steps necessary when upgrading in UPGRADE.
ezmlm-idx-7.0.0, 2008-06-16
===========================
This version has three major architectural changes:
1. There is now support for internationalized messages. All error
messages, all subject lines, and a few other messages are now configured
in a file named "text/messages" that is read at run time. Messages in
this file will undergo header-style substitution before they are output.
Unlike other text files, all 3 of the files (DIR/text/messages,
/etc/ezmlm/LANG/text/messages, and /etc/ezmlm/default/text/messages) are
read, and only the first match (in the above order) is used for any
given message. This allows for creation of partial files to override
just select messages. If no match is found, the internal English text
is used.
2. The use of the "flags" file has been deprecated completely by
individual flag files accessed by the appropriate programs. This, along
with corresponding changes to the ezmlmrc template, allows for lists to
be reconfigured without invoking ezmlm-make. To upgrade a list to the
new setup, simply run "ezmlm-make -+ DIR". Note that this will delete
the "config" and "flags" files, as they have been superceded by other
files.
3. Creation of subscriber tables has been moved out of ezmlm-mktab-* and
into ezmlm-make by adding some additional hooks to the subdb plugins. A
ezmlm-rmtab program is also added to remove subscriber tables, also with
hooks in the subdb plugins. The ezmlm-mktab-* programs have been
obsoleted by these changes and have been removed.
Smaller changes:
- Fixed a bug in ezmlm-request that caused a segfault when attempting to
execute the "which" command.
- Added new program ezmlm-checksub to replace the
ezmlm-issubn ... || { echo error; exit 100; }
lines in the ezmlmrc files. ezmlm-issubn is now deprecated for use in
.qmail files, but still exists for backwards compatibility.
- Added ezmlm-weed to the confirmer control files.
- Added <#a#> substitution for the local part of the accept address.
- ezmlm-warn will now process bounces for both the main and digest lists
if neither the -d nor the -D options are given.
- Added several control files for programs:
dir/digcount ezmlm-tstdig
dir/digestcode ezmlm-get
dir/digformat ezmlm-get
dir/digsize ezmlm-tstdig
dir/digtime ezmlm-tstdig
dir/modcanedit ezmlm-manage
dir/modcanlist ezmlm-manage
dir/modgetonly ezmlm-get
dir/modpostonly ezmlm-store
dir/nosubconfirm ezmlm-manage
dir/nounsubconfirm ezmlm-manage
dir/nowarn ezmlm-warn
dir/subgetonly ezmlm-get
dir/noreturnposts ezmlm-clean
- Removed the ezmlm-make -4 option in favor of the above files.
- Fixed handling of digest bouncer in ezmlm-dispatch.
- Eliminated the use of vfork for portability.
- Added support for decoding sender addresses mangled by SRS.
- Fixed bug when running ezmlm-archive on a newly-created list.
- Always enable ezmlm-request in manager.
- Always enable the "deny" blacklist.
- Fixed a long standing bug in ezmlm-store that caused both posting and
moderating to happen when both modpost and confirmpost were disabled.
Note: The subdb API was modified in this version. You will need to
reinstall all sub-* modules along with the main package. Also, the
messages changes also replaced the confirmpost subject line hack in
ezmlm-store and the mailinglist file. The contents of DIR/confirmpost
and DIR/mailinglist are now ignored in favor of the SUB_CONFIRM_POST and
TXT_MAILING_LIST messages, respectively.
ezmlm-idx-6.0.1, 2007-10-06
===========================
- Fixed all of the subdb plugins to correct a problem that prevented
ezmlm-manage from working properly.
- Fixed ezmlm-weed to handle MIME Delivery Status Notification messages
better.
- Fixed ezmlm-send to insert the proper value for the List-ID: header.
Thanks Bill Nugent.
- Added the necessary Sender: header to make DomainKeys work into the
ezmlmrc template.
- ezmlm-mktab-mysql and ezmlm-mktab-pgsql will now only be installed if
they were built (with "make mysql" or "make pgsql" respectively).
Note: The subdb API was modified in this version. You will need to
reinstall all sub-* modules along with the main package.
ezmlm-idx-6.0.0, 2006-11-30
===========================
This version introduces two major changes in how ezmlm-idx operates.
First, the naming of subscriber lists has been revamped. In previous
versions, the subscriber list would be identified by a full path to the
list directory. In this version, the lists are identified by their
subdirectory name within the list base directory. Full paths are
supported in some places for backwards compatibility, but only where
they fall within the list directory. This coincidentally removes the
absolute path requirement in all places except ezmlm-make, and
eliminates the need for (and use of) all the "sql" files not in the list
base directory.
Second, all three subscriber database libraries (standard, MySQL, and
PostgreSQL) have been moved into dynamically loaded plugins. If you
were previously using MySQL or PgSQL support, please follow the
instructions in UPGRADE.idx. After this configuration, this version is
backwards configurable with previous versions.
The plugin support also adds support for an optional DIR/subdb file
which supercedes DIR/sql. The file should contain the subscriber
database plugin name followed by the content that would have gone into
DIR/sql. If it is not found, DIR/sql is used instead with an assumed
plugin name of "sql". ezmlm-make will read in and convert DIR/sql if
DIR/subdb does not exist, but it writes out DIR/subdb.
Make sure to read the UPGRADE.idx file for more information on what
steps may be necessary to use this version.
ezmlm-idx-5.1.2, 2007-10-05
===========================
- Fixed ezmlm-send to insert the proper value for the List-ID: header.
Thanks Bill Nugent.
- Added the necessary Sender: header to make DomainKeys work into the
ezmlmrc template.
ezmlm-idx-5.1.1, 2006-11-23
===========================
- (Un)subscribe requests initiated and confirmed by a moderator are now
marked in the Log as "+mod" or "-mod". This is accomplished by the
addition of another pair of subscribe/unsubscribe confirmation
commands ("rc.cookie" and "wc.cookie") to ezmlm-manage to
differentiate between moderated (un)subscribe requests and
(un)subscribe requests iniated and confirmed by a moderator.
- Updated the embeded qmail-verh patch to version 0.07
ezmlm-idx-5.1.0, 2006-08-08
===========================
- Added a new configuration files "headerkeep" and "mimekeep" which
override "headerremove" and "mimeremove" respectively if either of the
former are present. Instead of removing bad headers, the "headerkeep"
file controls which ones *not* to remove. The "mimekeep" file works
similarly for MIME parts.
- Added a new program, ezmlm-import, which imports messages from a mbox
file into ezmlm-idx's message archive.
- Modified ezmlm-gate, ezmlm-issubn, ezmlm-list, ezmlm-sub, and
ezmlm-unsub to accept relative subscriber database names. The changes
take into account backwards compatibility.
- Added ezmlm-weed to both the moderator and manager control files.
- Added several more autoresponder signatures to ezmlm-weed.
- Modified the vfork test to use pid_t instead of int, to fix
portability issues on Solaris.
- Fixed handling of missing ezmlmrc config file.
- Fixed ezmlm-dispatch to handle working in a non-default .qmail file.
ezmlm-idx-5.0.2, 2006-01-16
===========================
- All programs that copy the input message (ezmlm-get, ezmlm-manage,
ezmlm-reject, ezmlm-request, and ezmlm-warn) will now copy the whole
header but only a limited number of lines of the message body,
configured by putting a number into "copylines". If this control file
is not present, no body lines are copied (to avoid spam complaints).
- Fixed ezmlm-make to override settings in the config files with command
line options instead of the other way around.
- Updated Spanish translation for post-confirm. Thanks Ruben Cardenal.
- Fixed bug in generation of a (currently unused) email address in the
subscription confirmation message.
- Substitute <#c#> in (un)subscribe confirm messages with just the
confirmation cookie (ie <#r#> without the <#l#>- prefix).
ezmlm-idx-5.0.1, 2005-12-16
===========================
- If files cannot be found in either the list directory or the
language-specific directory, try to pull them from the default
directory (/etc/ezmlm/default).
- Added a proper charset for Japanese texts.
- Added a Spanish translation for post-confirm. Thanks Ruben Cardenal.
- Fixed a bug in ezmlm-cgi caused by the use of "char" type for array
index calculations.
- Fixed ezmlm-gate failing to exit 0 on success. Thanks Ian Charnas and
Sami Farin.
ezmlm-idx-5.0.0, 2005-10-03
===========================
- Moved all the language-specific files (that is, all the "text" files
plus "charset" and "mailinglist") out of the ezmlmrc files into
individual files installed in a common location (/etc/ezmlm/LANG by
default).
- Modified the programs to try to pull files that are not present in the
list directory from the common location above.
- Replaced the use of the "config" file in ezmlm-make with individual
files containing one setting each. ezmlm-make will still read the
config file for now, but it is considered depricated. Running
"ezmlm-make -+" on an existing list will upgrade it.
- Added a "conf-etc" config file to allow changing the path to
configuration files (defaults to "/etc/ezmlm").
- Added a "conf-lang" config file to replace the "make ISO" mechanism.
- Modified the "copy" function, which translates from "text" files into
output emails, to also select sections at run time based on the list's
configured flags.
file.
While here also simplify MASTER_SITES (convert it to MASTER_SITE_GITHUB)
and delete DIST_SUBDIR and WRKSRC that are no longer needed with
that change.
Bump PKGREVISION
Discussed with <schmonz>
Enigmail 1.9.7
Released 2017-05-13, works with Thunderbird 38.0 & newer and SeaMonkey 2.35 & newer.
Notable Changes
This is a bugfix release
Bugs fixed
This version fixes a compatibility bug on Thunderbird 52 that makes keyserver up/downloads unusable.
1.5.6:
* [Feature] Add unigramms support in bayes
* [Feature] Allow configurable sign headers for DKIM
* [Feature] Allow to add unigramm metatokens from Lua
* [Feature] DKIM Signing: envelope match exception for local IPs
* [Feature] UCL: register parser variables from Lua
* [Fix] Always try to adjust filename
* [Fix] Do extra copy to ensure that original content is never touched
* [Fix] Fix SPOOF_REPLYTO rule
* [Fix] Ignore Rmilter added Received
* [Fix] More fixes for hashed email dnsbls
* [Fix] Plug memory leak in chartable module
* [WebUI] Display multiple alerts at once
2017-04-28 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Fix and simplify handling of GPGME in configure.ac (@gahr)
* Docs
- Fix typo in README.neomutt (@l2dy)
* Upstream
- Fix km_error_key() infinite loop and unget buffer pollution
- Fix error message when opening a mailbox with no read permission
Changelog:
Fixed
* Background images not working and other issues related to embedded images when composing email
* Google Oauth setup can sometimes not progress to the next step
RELEASE 1.2.5
-------------
- Fix re-positioning of the fixed header of messages list in Chrome when using
minimal mode toggle and About dialog (#5711)
- Fix so settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search
instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if
show_real_foldernames=true (#5695)
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
Changelog:
52.0.1:
Fixed
Clicking on a link in an email may not open this link in the external browser.
Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1
52.0:
New
Folder pane toolbar and folder view selector (replacement for folder view arrows)
Optionally remove corresponding data files when removing an account from Thunderbird
Import settings from Becky! Internet Mail
Possibility to copy message filter
Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message
Calendar: Event can now be created and edited in a tab
Calendar: Processing of received invitation counter proposals
Chat: Support Twitter Direct Messages
Chat: Liking and favoriting in Twitter
Chat: XMPP: Support SASL SCRAM authentication mechanism
Chat: Support Jabber/XMPP Message Carbons (XEP-280)
Changed
IMPORTANT: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed for each image individually via the Image Properties dialog or globally by setting the preference mail.compose.attach_http_images.
Correspondents column now default for all new folders, can be switched off with preference mail.threadpane.use_correspondents
When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header
On Linux PulseAudio is now required to play sound
Formatting toolbar is now left in place when delivery format is switched to plain text only
Messages in IMAP folders read on external device are now filtered by default
Folders backed by mbox storage larger than 4GB are supported without warning (unless preference mailnews.allowMboxOver4GB is set to false)
IMAP caching now uses Mozilla's latest caching technology
The keyboard shortcut to insert hyperlinks into a compose window was changed from CTRL+L to CTRL+K to align with Office applications
Chat: Removed Yahoo! Messenger support (since Yahoo removed support)
Fixed
Message preview pane non-functional after IMAP folder was renamed or moved
Fixed
Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line
Various corrections when composing messages in paragraph format
Paste as quotation doesn't always work
Long lines in plain text replies not properly wrapped
Undesired white-space before signature in paragraph mode
When attachment unavailable, compose shows endless "Attaching..." message instead of error
Text encoding of reply sometimes incorrect (uses encoding of last viewed message)
Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment)
Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both)
Reply to own e-mail does not reply with the correct identity
IMAP message part caching
Links with escaped non-ASCII (international) characters can't be clicked
Calendar: Events specified in timezone "local time" generate alerts in UTC time
Chat: XMPP Resource collisions
Various security fixes
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
#CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8
2017-04-21 Richard Russon <rich@flatcap.org>
* Features
- add lua scripting
- add command-line batch mode
- index_format: add support of %K
* Bug Fixes
- attachment/pager: Use mailcap for test/* except plain
- Fix uncollapse_new in pager
- fix garbage in chdir prompt due to unescaped string
- Fix inbox-first functionality when using mutt_pretty_mailbox
- add full neomutt version to log startup
- fix bug in uncolor for notmuch tag
- fix broken from_chars behaviour
* Coverity defects
- strfcpy
- add variable - function arg could be NULL/invalid
- add variable - failed function leads to invalid variable
- add variable - Context could become NULL
- add variable - alloc/strdup could return NULL
- add variable - route through code leads to invalid variable
- remove variable test
- test functions
- tidy switches
- unused variables
- refactor only
- check for buffer underruns
- fix leaks
- minor fixes
- bug: add missing break
- bug: don't pass large object by value
- fix: use correct buffer size
- shadow variables
- 0 -> NULL
* Docs
- many minor updates
- sync translations
- delete trailing whitespace
- indent the docbook manual
- use w3m as default for generating UTF8 manual.txt
* Website
- many minor updates
- fix broken links
- add to list of useful programs
- test automatic html checker
- remove trailing whitespace
- add irc description
- update issue labels (dev)
- new page: closed discussions
- new page: making neomutt (dev)
* Build
- drop obsolete m4 scripts
- don't look for lua libs unless asked for
- workaround slang warnings
- lower the gettext requirement 0.18 -> 0.17
- add keymap_alldefs.h to BUILT_SOURCES
- fix make dist distcheck
- Remove -Iimap from CFLAGS and include imap/imap.h explicitly
- mx: fix conditional builds
- Make iconv mandatory (no more --disable-iconv)
- refactor: Split out BUFFER-handling functions
* Tidy
- drop control characters from the source
- drop vim modelines
- delete trailing whitespace
- mark all local functions as static
- delete unused functions
- replace FOREVER with while (true)
- drop #if HAVE_CONFIG_H
- use #ifdef for potentially missing symbols
- remove #if 0 code blocks
- drop commented out source
- IMAP auth functions are stored by pointer cannot be static
- force OPS to be rebuilt after a reconfigure
- be specific about void functions
- expand a few more alloc macros
- add argument names to function prototypes
- drop local copy of regex code
- rearrange code to avoid forward declarations
- limit the scope of some functions
- give the compress functions a unique name
- use snake_case for function names
- add missing newlines to mutt_debug
- remove generated files from repo
- look for translations in all files
- fix arguments to printf-style functions
- license text
- unify include-guards
- tidy makefiles
- initialise pointers
- make strcmp-like functions clearer
- unify sizeof usage
- remove forward declarations
- remove ()s from return
- rename files hyphen to underscore
- remove unused macros
- use SEEK_SET, SEEK_CUR, SEEK_END
- remove constant code
- fix typos and grammar in the comments
- Switch to using an external gettext runtime
- apply clang-format to the source code
- boolify returns of 84 functions
- boolify lots of struct members
- boolify some function parameters
* Upstream
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configure.ac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix (un)sidebar_whitelist to expand paths
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configureac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Updated French translation
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Fix (un)sidebar_whitelist to expand paths
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- automatic post-release commit for mutt-181
- Added tag mutt-1-8-1-rel for changeset f44974c10990
- mutt-181 signed
- Add ifdefs around new mutt_resize_screen calls
- Add multiline and sigwinch handling to mutt_multi_choice
- Set pager's REDRAW_SIGWINCH when reflowing windows
- Add multiline and sigwinch handling to mutt_yesorno
- Change the sort prompt to use (s)ort style prompts
- Handle the pager sort prompt inside the pager
- Fix GPG_TTY to be added to envlist
- automatic post-release commit for mutt-182
The flufl.bounce library provides a set of heuristics and an API for
detecting the original bouncing email addresses from a bounce message.
Many formats found in the wild are supported, as are VERP and RFC 3464
(DSN).
This is a server for SMTP and related protocols, similar in utility to
the standard library's smtpd.py module, but rewritten to be based
on asyncio for Python 3.
- Elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the
default smtpd_tls_eecdh_grade setting to "auto", and introduces a
new parameter tls_eecdh_auto_curves with the names of curves that may
be negotiated.
- Stored-procedure support for MySQL databases.
- Cidr: table support for if/endif and negation (by prepending ! to a
pattern), just like regexp: and pcre: tables. See the cidr_table(5)
manpage for details.
- The postmap command and the inline: and texthash: maps now support
spaces in left-hand field of lookup table source text. Use double
quotes (") around a left-hand field that contains spaces, and use
backslash (\) to protect quotes in a left-hand field.
- Support for per-client Milter configuration (smtpd_milter_maps) that
overrides the main.cf smtpd_milters setting, and that has the same
syntax. A lookup result of "DISABLE" turns off Milter support for that
client.
- The local SMTP server IP address and port are available in the
policy delegation protocol (attribute names: server_address,
server_port), in the Milter protocol (macro names: {daemon_addr},
{daemon_port}), and in the XCLIENT protocol (attribute names:
DESTADDR, DESTPORT).
- For safety reasons, the Postfix sendmail -C option must specify an
authorized directory: the default configuration directory, a
directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories, otherwise
the command must be invoked with root privileges. This mitigates a
recurring "jail break" problem with the PHP mail() function.
- "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar
to "IGNORE" but also logs the action, and "PASS" disables header,
body, and Milter inspection for the remainder of the message content.
- The collate.pl script by Viktor Dukhovni for grouping Postfix
logfile records into "sessions" based on queue ID and process ID
information, in the auxiliary/collate directory of the Postfix source
tree.
Disabled or removed behavior:
- SMTPUTF8 support: Postfix 3.2 disables the 'transitional'
compatibility between the IDNA2003 and IDNA2008 standards for
internationalized domain names (domain names beyond the limits of
US-ASCII). This makes Postfix behavior consistent with contemporary
web browsers.
- Postfix 3.2 removes tentative features that were implemented before
the DANE spec was finalized: support for certificate usage
PKIX-EE(1), the ability to disable digest agility, and the ability to
disable support for "TLSA 2 [01] [12]" records that specify the digest
of a trust anchor.
Notable changes since 3.2:
- Added mailer previews feature based on 37 Signals mail_view
gem.
- Instrument the generation of Action Mailer messages. The time it
takes to generate a message is written to the log.
- link_to and url_for generate absolute URLs by default in templates,
it is no longer needed to pass only_path: false.
- Introduced deliver_later which enqueues a job on the application's
queue to deliver emails asynchronously.
- Added the show_previews configuration option for enabling mailer
previews outside of the development environment.
1.5.5:
* [CritFix] Fix classifier learning with Redis backend
* [CritFix] Fix issue when parsing encoded rfc822/messages
* [Feature] Add escaped version of lua_ucl import
* [Feature] Add task:headers_foreach function
* [Feature] Allow to process filenames from content type
* [Feature] Allow to query hashed emails
* [Feature] Ignore bayes with mostly metatokens or with too few text
* [Feature] Probabilistically skip metatokens
* [Feature] Retrieve all virus names from SAVAPI
* [Feature] Rework classifiers lua metatokens
* [Feature] Store headers order
* [Feature] Store text tokens inside bayes tokens
* [Feature] Use cached shingles keys
* [Fix] Add missing score normalisation for HFILTER_URL_ONLY
* [Fix] Avoid lookup in absent hash
* [Fix] Check return values from Lua functions called from C
* [Fix] Do not count sending and loading time in rspamc
* [Fix] Escape json strings for controller rejplies from Lua
* [Fix] Fix archive scans for savapi
* [Fix] Fix domain_only emails RBL
* [Fix] Fix ip_score map configuration
* [Fix] Fix JSON output for history_redis
* [Fix] Fix one character length substrings search
* [Fix] Fix parsing of non-RFC compatible Exim received
* [Fix] Fix parsing of options for workers with the same type
* [Fix] Fix processing of small tokens vectors
* [Fix] Fix rfc2047 tokenization
* [Fix] Fix typo
* [Fix] More fixes for inplace decoding
* [Fix] Try to avoid modifications of the original data
* [Fix] URL redirector: Fix call to is_redirector
* [Rework] Set token data as uint64_t instead of chars array
* [WebUI] Check if neighbours' history backend versions match
* [WebUI] Disable phrase connectors replacement in history filtering
* [WebUI] Disable phrase connectors replacement in symbols filtering
* [WebUI] Do not hide messages with bad subject, just replace it with '???'
* [WebUI] Fix error message
* [WebUI] Fix history v2 display
* [WebUI] Fix legacy history
* [WebUI] history: break To address lists on commas
* [WebUI] Increase default timeout to 20 seconds
* [WebUI] Save some history table space
1.5.4:
* [Conf] Add history_redis default configuration
* [Feature] Add spoofed rules
* [Feature] Add URL_IN_SUBJECT rule
* [Feature] Allow to get task's subject
* [Feature] Allow to specify maximum number of shots for symbols
* [Feature] Distinguish URLs found in Subject
* [Feature] Memoize LPEG grammars
* [Feature] Parse else parts in SA rules
* [Feature] Process subject for mixed characters
* [Feature] Resolve url chains in url_redirector module
* [Feature] Stat greylisted messages as greylisted not soft-rejected
* [Feature] Support checking for redirector in Lua SURBL
* [Feature] Support tag_exists SA function
* [Feature] Work with broken rfc2047 tokens
* [Fix] Check all watcher's dependencies
* [Fix] Do not compile hyperscan with no SSSE3 support
* [Fix] Do not crash if cannot decode qp encoded part
* [Fix] Fix dependencies of DKIM when multiple signatures are found
* [Fix] Fix lists in whitelist plugin
* [Fix] Fix one-shot symbols weight calculations
* [Fix] Fix options and shots match
* [Fix] Fix order of symbol options
* [Fix] Fix parsing of dot at the end of the address
* [Fix] Fix parsing of lua table arguments
* [Fix] Fix processing of subject words
* [Fix] Fix string split memoization
* [Fix] Fix templates grammar usage
* [Fix] Fix various issues related to Lua stack manipulation
* [Fix] Force actions: Use postfilter if we have honor_action / require_action
* [Fix] Further fixes to avoid PHISHING FP
* [Fix] Preserve order of options in symbols
* [Fix] Rspamadm grep: deal with unusually-formatted logs
* [Fix] Use hostname suffix when dealing with history
* [Rework] Remove outdated SA rules
* [WebUI] Add flexible columns
* [WebUI] Add footable
* [WebUI] Add sender, recipients and subject columns
* [WebUI] Allow message-id break
* [WebUI] Fix history clustering
* [WebUI] Fix history display
* [WebUI] Fix sorting
* [WebUI] Humanize sizes
* [WebUI] Initial move towards footable
* [WebUI] Remove datatables
* [WebUI] Replace `.values` method with `.map`
* [WebUI] Rework v2 symbols display
* [WebUI] Try to normalize frequencies
* [WebUI] Unbreak WebUI
* [WebUI] Use Footable to draw Throughput summary table
v0.4.18 12-04-2017 Stephan Bosch <stephan@rename-it.nl>
+ imapsieve plugin: Implemented the copy_source_after rule action. When this
is enabled for a mailbox rule, the specified Sieve script is executed for
the message in the source mailbox during a "COPY" event. This happens only
after the Sieve script that is executed for the corresponding message in the
destination mailbox finishes running successfully.
+ imapsieve plugin: Added non-standard Sieve environment items for the source
and destination mailbox.
- multiscript: The execution of the discard script had an implicit "keep",
rather than an implicit "discard".
v2.2.29.1 2017-04-12 Timo Sirainen <tss@iki.fi>
- imapc reconnection fix was forgotten from 2.2.29 release, which also
made "make check" fail in a unit test
- dict-sql: Merging multiple UPDATEs to a single statement wasn't
actually working.
- Fixed building with vpopmail
v2.2.29 2017-04-10 Timo Sirainen <tss@iki.fi>
* passdb/userdb dict: Don't double-expand %variables in keys. If dict
was used as the authentication passdb, using specially crafted
%variables in the username could be used to cause DoS (CVE-2017-2669)
* When Dovecot encounters an internal error, it logs the real error and
usually logs another line saying what function failed. Previously the
second log line's error message was a rather uninformative "Internal
error occurred. Refer to server log for more information." Now the
real error message is duplicated in this second log line.
* lmtp: If a delivery has multiple recipients, run autoexpunging only
for the last recipient. This avoids a problem where a long
autoexpunge run causes LMTP client to timeout between the DATA
replies, resulting in duplicate mail deliveries.
* config: Don't stop the process due to idling. Otherwise the
configuration is reloaded when the process restarts.
* mail_log plugin: Differentiate autoexpunges from regular expunges
* imapc: Use LOGOUT to cleanly disconnect from server.
* lib-http: Internal status codes (>9000) are no longer visible in logs
* director: Log vhost count changes and HOST-UP/DOWN
+ quota: Add plugin { quota_max_mail_size } setting to limit the
maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the
remote IMAP server isn't done until it's necessary.
+ imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before
autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are
sent to the next hop when proxying using ID/XCLIENT commands. On the
receiving side these fields are imported and sent to auth process
where they're accessible via %{passdb:forward_*}. This is done only
if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
auth process. %{client_id} expands to it in auth process. The ID
string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
- fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
- trash plugin was broken in 2.2.28
- auth: When passdb/userdb lookups were done via auth-workers, too much
data was added to auth cache. This could have resulted in wrong
replies when using multiple passdbs/userdbs.
- auth: passdb { skip & mechanisms } were ignored for the first passdb
- oauth2: Various fixes, including fixes to crashes
- dsync: Large Sieve scripts (or other large metadata) weren't always
synced.
- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
- doveadm: Exit codes weren't preserved when proxying commands via
doveadm-server. Almost all errors used exit code 75 (tempfail).
- ACLs weren't applied to not-yet-existing autocreated mailboxes.
- Fixed a potential crash when parsing a broken message header.
- cassandra: Fallback consistency settings weren't working correctly.
- doveadm director status <user>: "Initial config" was always empty
- imapc: Various reconnection fixes.
LD_LIBRARY_PATH is not propagated when set with env, e.g.:
env LD_LIBRARY_PATH=path/to/lib ./script.sh
will not work (other variable names work correctly).
mess822. Turn it off by default. This should let us once again
publish binary packages.
To use another ofmipd, set qmailofmipd_ofmipdcmd in rc.conf. Likewise
for qmail-smtpd and qmail-pop3d.
Bump version.
used only for qmail-pop3d, which is likely not being used much anymore.
Other installs might need a different implementation of checkpassword
anyhow. And this implementation is not (yet?) in the public domain, so
it's blocking us from publishing binary packages of qmail.
Unless (until?) sysutils/checkpassword becomes "public-domain", it
remains under "djb-nonlicense". If you continue to need it, since you've
already accepted the nonlicense, simply install it directly.
I believe this package and all its remaining dependencies are now in
DEFAULT_ACCEPTABLE_LICENSES. Bump PKGREVISION.
