* New/changed functionality:
* a single DNS resolver is created for the lifetime of the program,
rather than reinitializing the resolver for each new query.
* bugfixes:
* fix the error message given when an invalid algorithm is
specified in the construction of Mail::DKIM::Signer.
* avoid Perl warning about use of an undefined value in several
places (rt.cpan.org issue #82913).
* speed- improved performance of parsing the message into lines
(rt.cpan.org issue #77902). Patch by Mark Martinec.
* fix DNS queries to use the correct method (txtdata) of Net::DNS
(rt.cpan.org issue #83170). Patch by Mark Martinec.
* fix issue with getting wrong error codes when q= tag is empty
(issue #3011005)
* anti-abuse- prevent a message with thousands of signatures from
thrashing the whole computer (issue #3010997)
* memory usage- significantly reduced memory footprint for
processing a message with a large header and many signatures
* fix error message given when no KeyFile has been specified
(issue #1889690)
* API changes:
* global subroutines resolver() or enable_EDNS0() in module
Mail::DKIM::DNS can be called to specify non-default options
to Net::DNS::Resolver (see also rt.cpan.org issue #80425).
* the Canonicalization::finish_header() method now expects an
argument to be passed to it. In the unusual case that you are
using this method from your own code, please update your code.
* src/mbsync.1:
* don't lie about the default of User
* fix typos
* src/drv_maildir.c:
* don't forget to reset message counts when skipping scan
* remove apparently pointless resetting of recent message count
* src/compat/convert.c:
* error-check renaming of uid mapping database
* error-check reading of old uidvalidity and maxuid files
* src/sync.c:
* error-check committing of sync state
* better error messages for sync state and journal related errors
* remove pointless/counterproductive "Disk full?" error message suffixes
* don't crash in message expiration debug print
* src/compat/config.c:
* fix "inverse copy&pasto" in account labeling code
* don't needlessly quote strings
* write Sync and Expunge to global section if applicable
* don't bother checking impossible condition
* src/main.c:
* fix segfault on passing --{create,expunge}-{master,slave}
* don't needlessly spell out INBOX
* src/drv_imap.c:
* don't crash on malformed response code
* don't crash on truncated LIST response
* fix crash on store without prior fetch with non-UIDPLUS servers
* don't error out if we don't get an X-TUID header
* src/compat/main.c:
* remove pointless pointer assignment
* src/: drv_maildir.c, mdconvert.c:
* fix hypothetical buffer overflows
* close a bunch of fd leaks in error paths
* src/util.c:
* actually use prime numbers for all hash bucket sizes
* src/config.c:
* fix zero MaxSize override in Channels
* src/compat/: config.c, isync.h, util.c:
* rework maildir store mapping
* src/socket.c:
* remove pointless use of AI_V4MAPPED flag
* configure.ac, src/common.h, src/drv_imap.c, src/util.c:
* make date parsing portable, take 2
* src/: drv_maildir.c, sync.c:
* fix _POSIX_SYNCHRONIZED_IO usage
Many of these changes were in response to findings from a Coverity scan.
Fix some conflicting unit tests.
BUILD: Fix bug #195 part II: Compile all binaries with pthreads
support as needed by libopendkim features.
BUILD: Fix packaging damage with autobuild.
2.9.1 2014/03/15
Feature request #177: Add "LuaOnlySigning" so that only the Lua setup
script makes signing requests; suppresses automatic application
of the signing table.
Fix bug #185: odkim.signfor() wasn't processing its arguments properly.
Fix bug #199: Fix use of uninitialized buffer when generating
SMTP response strings due to ADSP rejections.
Fix infinite loop when mlfi_connect() is called with a hostname
starting with a "." character. Reported by Philip Guenther.
Fix loading of refiles when trailing spaces are present in the value.
LIBOPENDKIM: Only call dkiml_dns_close() if there was a
dkiml_dns_service handle set by dkiml_dns_init(). Also,
when closing, reset that handle to NULL.
LIBOPENDKIM: The various dkim_dns_set_*() functions, when passed a
NULL function pointer, merely store it, making the
corresponding function a no-op. Previously, doing
so restored the default.
LIBOPENDKIM: Have dkim_sig_getreportinfo() return descriptors
(if available) regardless of the signer's reporting parameters.
BUILD: Fix bug #188: Clean up last remnants of libstrl.
BUILD: Fix bug #190: Check for HAVE_SUN_LEN in opendkim-db.c.
BUILD: Fix bug #191: Better minimum version checks for libmemcached.
BUILD: Fix bug #192: Different test for libevent.
BUILD: Fix bug #193: Don't throw away user-provided compilation
variables.
BUILD: Fix bug #195: Compile opendkim-genzone with pthreads support.
BUILD: Fix bug #202: Fix pkg-config check for GNUTLS.
BUILD: Fix bug #203: opendkim-genzone requires pthreads.
BUILD: Patch #29: Look for libmilter in lib64.
BUILD: Patch #30: Include libdl when linking in Lua.
BUILD: Don't throw away user-provided compilation variables.
Problem noted by Quanah Gibson-Mount.
BUILD: Rename "--with-mdb" to "--with-lmdb" for consistency
with that package's naming conventions.
CONTRIB: Fix bug #184: Update to contrib/systemd/opendkim.service
MILTERTEST: Add "polite" flag to mt_disconnect().
TOOLS: Fix bug #187: Increase buffer size for the private key in
opendkim-testkey.
TOOLS: Fix opendkim-spam to match the schema found in stats/mkdb.mysql.
Add dependency to net/pear-Net_Sieve.
Please refer to UPGRADING when upgrading from an older release, especially
since configuration files have changed.
Please refer to CHANGELOG for details.
* changed English and added Total on qmqtool -s
* added more stats with qmqtool -s -V
* modified some regexs to be arithmetic instead
* changed string finding code:
increased speed
removed fallback routine
use grep -E (egrep) when /pattern/ is used
support case insensitive search with /pattern/i
* rely on PATH instead of statically searching
* improved queue consistency check
* -[lRTLx] /displays/ calculated size
* added -x feature for extended information on a message
* created ./configure ; make ; make install process
(even though we're just a light perl script)
* Many cosmetic improvements to watch-multiple-mimedefangs.tcl
* Fix md_get_bogus_mx_hosts so it checks A records iff a domain has
no MX records.
* Add a forward declaration of rebuild_entity to avoid warnings on
recent Perl versions.
* Reduce potential patch conflicts by switching more DESTDIR support to sed
* Enable `qmail-netqmail` by default
* Install `qmail-viruscan` signatures via CONF_FILES
* With `tls` option, don't generate cert, instruct the user at INSTALL time
That last change also fixes the source build with `tls` enabled on
systems that don't already have a /var/qmail/control, as reported
by Thomas Lazar on pkgsrc-users@.
While here, add a comment with the new location of the qregex patch.
Since it's named strangely, I've also placed a traditionally-named
copy on ftp.n.o.
Bump PKGREVISION.
* Fix IDLE mode regression (it didn't work) introduced
after v6.5.5 (pointy hat goes to Eygene Ryabinkin, kudos --
to Tomasz Żok)
* Add knob to invoke folderfilter dynamically on each sync (GitHub#73)
* Add knob to apply compression to IMAP connections (Abdó Roig-Maranges)
* Add knob to filter some headers before uploading message
to IMAP server (Abdó Roig-Maranges)
* Allow to sync GMail labels and implement GmailMaildir repository that
adds mechanics to change message labels (Abdó Roig-Maranges)
* Allow to migrate status data across different backends
(Abdó Roig-Maranges)
* Support XDG Base Directory Specification
(if $XDG_CONFIG_HOME/offlineimap/config exists, use it as the
default configuration path; ~/.offlineimaprc is still tried after
XDG location) (GitHub#32)
* Allow multiple certificate fingerprints to be specified inside
'cert_fingerprint'
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
This is a SECURITY release, addressing a CRITICAL remote code execution
flaw in Exim version 4.82 (only) when built with DMARC support (an
experimental feature, not on by default). This release is identical to
4.82 except for the small change needed to plug the security hole. The
next release of Exim will, eventually, be 4.83, which will include the
many improvements we've made since 4.82, but which will require the
normal release candidate baking process before release.
You are not vulnerable unless you built Exim with EXPERIMENTAL_DMARC.
This issue is known by the CVE ID of CVE-2014-2957, and was reported
directly to the Exim development team by a company which uses Exim for
its mail server. An Exim developer constructed a small patch which
altered the way the contents of the From header are parsed by converting
it to use safer and better internal functions. It was applied and
tested on a production server for correctness. We were notified of the
vulnerability Friday night, created a patch on Saturday, applied and
tested it on Sunday, notified OS packagers on Monday/Tuesday, and are
releasing on the next available work day, which is Wednesday.
This is why we have made the smallest feasible changes to prevent
exploit: we want this change to be as safe as possible to expedite into
production (if the packages were built with DMARC).
== [release-2-0-3] 2.0.3: 2014-05-20
A bug fix release of 2.0.2
=== Package
==== Improvements
* Drop Ubuntu Quantal (12.10) support
* Drop Ubuntu Raring (13.04) support
* Add Ubuntu Trusty (14.04) support
* Drop Debian squeeze support
* rpm: Update Ruby1.9.3 package for CentOS6 to Ruby1.9.3-p545.
=== milter manager
==== Improvements
* Update bundled libev to 4.15
==== Fixes
* Fix a bug that data_stopper cannot stop apply children
[GitHub #39]
=== Ruby milter
==== Improvements
* Update bundled glib2 to 2.2.0
* Milter::Logger methods can accept a block
=== Document
==== Fixes
* Fix typos in FreeBSD installation
[Patched by Dave Dodd]
=== Thanks
* Dave Dodd
* Editheader extension: Made control characters allowed for editheader,
except NUL. Before, this would cause a runtime error.
+ Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to
match the new draft "duplicate" extension.
- Fixed sieve_result_global_log_error to log only as i_info in
administrator log (syslog) if executed from multiscript context.
- Sieve redirect extension: Adjusted loop detection to show leniency to
resent messages.
- Sieve include extension: Fixed problem with handling of duplicate
includes with different parameters :once or :optional.
- Sieve spamtest/virustest extensions: Tests were erroneously performed
against the original message. When used together with extprograms
filter to add the spam headers, the changes were not being used by
the spamtest and virustest extensions.
- Deprecated Sieve notify extension: Fixed segfault problems in message
string substitution.
- ManageSieve: Fixed active link verification to handle redundant path
slashes correctly.
- Sieve vacation extension:
- Fixed interaction of sieve_vacation_dont_check_recipient with
sieve_vacation_send_from_recipient setting.
- Fixed log message for discarded response.
- Sieve extprograms plugin:
- Forgot to disable the alarm() timeouts set for script execution.
- Fixed fd leak and handling of output shutdown.
- Fixed 'Bad filedescriptor' error occurring when disconnecting
script client.
- Made sure that programs are never forked with root privileges.
* Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS
handshake was started but wasn't finished, the login process
attempted to eventually forcibly disconnect the client, but failed
to do it correctly. This could have left the connections hanging
around for a long time. (Affected Dovecot v1.1+)
+ mdbox: Added mdbox_purge_preserve_alt setting to keep the file
within alt storage during purge. (Should become enforced in v2.3.0?)
+ fts: Added support for parsing attachments via Apache Tika. Enable
with: plugin { fts_tika = http://tikahost:9998/tika/ }
+ virtual plugin: Delay opening backend mailboxes until it's necessary.
This requires mailbox_list_index=yes to work. (Currently IMAP IDLE
command still causes all backend mailboxes to be opened.)
+ mail_never_cache_fields=* means now to disable all caching. This may
be a useful optimization as doveadm/dsync parameter for some admin
tasks which shouldn't really update the cache file.
+ IMAP: Return SPECIAL-USE flags always for LSUB command.
- pop3 server was still crashing in v2.2.12 with some settings
- maildir: Various fixes and improvements to handling compressed mails,
especially when they have broken/missing S=sizes in filenames.
- fts-lucene, fts-solr: Fixed crash on search when the index contained
duplicate entries.
- Many fixes and performance improvements to dsync and replication
- director was somewhat broken when there were exactly two directors
in the ring. It caused errors about "weak users" getting stuck.
- mail_attachment_dir: Attachments with the last base64-encoded line
longer than the rest weren't handled correctly.
- IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
- acl: Global ACL file handling was broken when multiple entries
matched the mailbox name. (Only the first entry was used.)
* 3.4.1 (stable)
* Fixed Bug #193: Lose mails when mailbox is inaccessible.
* 3.4.0 (stable)
* 3.4.0rc (release candidate)
* SSL wildcard certificate is also validated now (#167).
* The compile error with OpenSSL disabled was fixed.
* 3.4.0beta8 (development)
* Mac OS X support was improved.
* SSL certificate hostname is validated now (#167).
* The Japanese manual was modified so that IE correctly detects its
character encoding.
* The rightmost column of folder view and summary view became easier to
resize.
* Appropriate columns of folder view, summary view, etc. are
auto-expanded by window resize when using GTK+ 2.14 or later.
* The initial setup dialog is now resizable.
* PGP encrypt-to-self feature was added.
* The display period of notification window became configurable.
* 3.4.0beta7 (development)
* Win32: the tray icon is recreated when explorer.exe crashes now.
* The bug that 'File - Folder - Move folder...' menu didn't work was
fixed.
* The bug that MIME nest level restriction was not working was fixed.
* Many defects discovered by Coverity Scan were fixed:
- FILE handle resource leaks
- memory leaks
- possible buffer overrun
- strict error checks
- correct null pointer checks
* 3.4.0beta6 (development)
* Icon theme feature was added.
* HTML mail is distinguished from other messages with attachments now.
* 'Last 30 days' was added to the quick search menu.
* Attached images are rotated based on Exif orientation tag.
* Config.guess and config.sub included in the tarball were updated to the
latest version.
* 3.4.0beta5 (development)
* Basque translation was added.
* Escaped special characters in HTML links are now properly unescaped
(#120).
* IMAP: parsing of folder names that contain brackets was fixed.
* Config.guess and config.sub included in the tarball were updated.
* The order of templates became stable.
* 3.4.0beta4 (development)
* The feature to save message as plain text was added.
* Printing now prints all texts in messages, not only the first one.
* The HTML parser now supports <blockquote> tag.
* An option to prefer HTML part in multipart/alternative was added
(default: off).
* Compose window is raised when the external editor exits.
* Bugfixes of HTML display were made.
* 3.4.0beta3 (development)
* Rebuilding of folder tree which was broken at 3.4.0beta1 was fixed
(#103).
* The bug that double-quote (") and backslash (\) in
folder/username/password were not escaped and could not be used on IMAP4
was fixed.
* Quotation of forwarded messages is enabled for template now.
* When marking a message as junk and moving it to a junk folder, proper
junk folder is selected instead of default one.
* When applying a template for a new message, current date is inserted
with '%d'.
* 3.4.0beta2 (development)
* New message notification window was added.
* An option to the junk filter setting was added:
'Do not classify message as junk if sender is in the address book'.
* Some non-standard Date header patterns are handled now.
* Win32: start menu shortcuts are translated.
* 3.4.0beta1 (development)
* Safe mode (which does not load plug-ins) was added (--safe-mode).
* The existence of destination folders is checked when creating a filter
rule.
* The recursion level is restricted up to 64 when scanning local mailbox
(prevents infinite loop with symlink. Note: Linux automatically limits
the symlink loop up to 40)
* The labels used in POP3 remote mailbox dialog were modified.
* POP3: do not disconnect immediately but send QUIT command on normal
POP3 errors (prevents deleted messages from appearing again).
* IMAP: "INBOX" folder became case insensitive as specified in RFC 3501.
* IMAP: server name for cache directory is escaped now
(fixes cache creation when using IPv6 address for server name on Windows).
* Win32: socket timeout setting now works on Windows.
Bugfixes (fixed in Postfix 2.11 and Postfix 2.12):
* With connection caching enabled (the default), recipients could
be given to the wrong mail server. The root cause was an incorrect
predicate. Due to this, the Postfix SMTP client could under
rare conditions save and restore plaintext connections that
should not be cached, under a fixed lookup key that did not
distinguish by destination. Problem reported by Sahil Tandon.
* Enforce TLS when TLSA records exist, but all are unusable.
* Don't leak memory when TLSA records exist, but all are unusable.
Workarounds:
* Prepend "-I. -I../../include" to the compiler command-line
options, to avoid name clashes with non-Postfix header files.
Documentation cleanup:
* Corrected postconf(1) manpage for missing version attribution
and incorrect "author" formatting.
* The documentation for Postfix > 2.8 TLS activity logging was
incorrect. Loglevel 0 produces no logging. Instead, information
is logged only with loglevel 1 or higher.
Logging cleanup:
* The TLS client logged that an "Untrusted" TLS connection was
established instead of "Anonymous".
* For consistency, TLS policy lookup errors are now logged as
warnings.
The following security problems were fixed in this release:
- MFSA 2014-46 Use-after-free in nsHostResolver
- MFSA 2014-44 Use-after-free in imgLoader while resizing images
- MFSA 2014-43 Cross-site scripting (XSS) using history navigations
- MFSA 2014-42 Privilege escalation through Web Notification API
- MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-37 Out of bounds read while decoding JPG images
- MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service
Installer
- MFSA 2014-34 Miscellaneous memory safety hazards