- Always use the internal MD5 functions for the built-in CRAM-MD5
implementation; never use the ones from OpenSSL. This fixes problems with
configurations that use OpenSSL and do not use GNU SASL. Thanks to Gleydson
Soares and Moritz Wilhelmy for providing information and for testing the fix.
- Deprecate DIGEST-MD5 authentication as per RFC 6331.
- Remove unmaintained translations (es, pt_BR).
+ SSL: Added support for ECDH/ECDHE cipher suites
+ Added some missing man pages
+ quota-status: Added quota_status_toolarge setting
- director: Users near expiration could have been redirected to
different servers at the same time.
- pop3: Avoid assert-crash if client disconnects during LIST.
- mdbox: Corrupted index header still wasn't automatically fixed.
- dsync: Various fixes to work better with imapc and pop3c storages.
- ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl
symbols conflicted with Cyrus SASL library.
- imap: Various error handling fixes to CATENATE. (Found using
Apple's stress test script.)
Upstream changes:
version 2.01: Sat Aug 3 01:07:27 CEST 2013
Improvements:
- add dummy ::Types::create_type_index() because
Catalyst-Plugin-Static-Simple calls it :(
version 2.00: Fri Aug 2 17:44:53 CEST 2013
Changes:
- the mime information is now collected from various sources, amongst
them IANA. Therefore, some types may use different x-'s
#types up from 995 to 2096
- a separate table is built for the extension-to-type mapping.
#exts up from 734 to 1425
- the memory foot-print and start-up speed should have improved
considerably.
Improvements:
- added bin/collect_types
- 3 typos. rt.cpan.org#86847 [D Steinbrunner]
- add ::Type::isVendor(), ::isExperimental(), ::isPersonal on request
by rt.cpan.org#87062 [Lars]
- cleaned-up Exporter syntax of (very) old interface.
- added ::Types::listTypes()
version 1.38: Fri Jan 11 09:58:08 CET 2013
- add application/vnd.ms-excel.template.macroEnabled.12 and five
related from http://filext.com/faq/office_mime_types.php
rt.cpan.org#82616 [M Jemmeson]
version 1.37: Fri Dec 21 11:33:53 CET 2012:
- all mime.types files agree that perl scripts should use
application/x-perl. Hence removed text/x-perl
rt.cpan.org#82100 [Kent Fredric]
version 1.36: Wed Oct 31 20:34:42 CET 2012
- xlsx and friends had encoding 'binary' (since version 1.30),
but should have been 'base64'
rt.cpan.org#80529 [Douglas Wilson]
ChangeLog:
1.534 2013-03-26
Added another spam detection case (mstevens)
1.533 2013-01-23
Added two new spam detection cases (mstevens)
Hopefully fixed tests on newer perl, at the cost of slightly
reformatted messages. Why is Mail::DeliveryStatus::Report
a header object anyway? (mstevens)
Changelog:
Security bugfixes.
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
- Support DNS whitelists.
- Improve physical page locality of the DCC server's use of the database hash table
and so improve server performance.
- Reduce dccifd thread stack size to 512 KBytes for busy 32-bit systems
- Dccproc, dccm, and dccifd decode HTML &#xxx character references in URLs.
- Dccproc, dccm, and dccifd convert UTF-8 domain names to Punycode
before checking DNS blacklists.
- Fix reporting of rogue server-IDs.
- Fix dccproc, dccifd, and dccm crash in parsing Received: fields with IPv6 addresses.
- Fix DNSBL bugs in parsing http://example.com?parameter and http://example.com:80
- Deal with trailing '.' and other punctuation URLs in dccm, dccifd, and
dccproc. This changes the FUZ1 and FUZ2 checksums in some cases.
- Fix a rare crash of dccd, the server daemon.
Added iconv output support via -x<set>.
Fixed up the BASE64 decoding detection of boundaries which are sometimes missed.
Updated ripOLE to handle nameless / unknown stream blobs.
Added a header fixing routine in MIME_headers, this fix attempts
to unwrap headers which are missing a leading space on the next line
This feature can be disabled using --disable-headerfix.
Added recursion facility if the input mailpack/MIME file is a directory.
1.10.0 09-July-2013
----------------------------------------------
- Memory optimizations
- Fix a runtime error on Windows
1.9.80 10-June-2013
----------------------------------------------
- Update item access time less often.
- Don't try to start akonadiserver if mysqld is not installed
- Allow to fetch available items even if there are errors in some of the items.
- Properly restrict the external part removal to the deleted collection.
- Support checking the cache for payloads in the FETCH command.
- Add infrastructure to track client capabilities.
- Allow to disable the cache verification on retrieval.
- fsck: move orphaned pim items to lost+found, delete orphaned pim item flags.
- Introduce NotificationMessageV2 that supports batch operations on set of entities.
- Fix build with Boost >= 1.53.
- Fix a runtime issue with MySQL >= 5.6 (MySQL >= 5.1.3 is now the minimum version).
Changes since 2.0.6:
IMAPFilter 2.5.5 - 8 Jun 2013
- Work-around for some servers that send an unexpected APPEND response.
- The serial number of the certificates is taken into account, because some
servers send different certificates with the same subject and issuer.
- Details of the stored certificates are written to the certificates file, in
order to make it easier to distinguish each of them.
- Support for TLS versions 1.1 and 1.2 for secure connections.
IMAPFilter 2.5.4 - 9 Apr 2013
- Some server responses are now parsed less stricly.
- More detailed information is now printed when there's an error.
- Bug fix; various corrections in the recovery mechanism.
IMAPFilter 2.5.3 - 22 Jul 2012
- New implementation for international mailbox names.
- Bug fix; wrong variable name in one of the examples on extending.
- Bug fix; an OpenSSL compilation warning.
IMAPFilter 2.5.2 - 29 Feb 2012
- Persistent errors or connection failures are now ignored when running in
daemon mode, and a reconnection is attempted during the next loop iteration.
- Bug fix; problems with failure handling during login/logout.
IMAPFilter 2.5.1 - 27 Feb 2012
- Support for recovery of a session after a BYE response is received.
- Option to control in which cases a terminated session will be restored.
- Bug fix; a BYE response could sometimes get incorrectly ignored.
IMAPFilter 2.5 - 23 Feb 2012
- Support for recovery of a session when a network failure is encountered,
and other robustness improvements.
- Informational messages are printed also for the fetch and append methods.
- Lua 5.2 compatibility, while the codebase can still be compiled with
version 5.1.
- The OpenSSL library is now a mandatory build requirement.
- Bug fix; unrecoverable login failures did not result in aborting of the
execution of the configuration.
- Bug fix; when messages were appended to a mailbox that did not exist, it
failed to create the mailbox and then retry the appending.
- Bug fix; misleading errors were printed on some SSL failures.
- Bug fix; protected call of the commands to execute in the daemon function
could hide important failures.
- Bug fix; the man page had an incorrect description of the -d option.
* Support for the old deprecated 1.x configuration format has been removed,
and the current 2.x format can only be executed from now on.
IMAPFilter 2.4.2 - 19 Jan 2012
- Bug fix; some ASCII characters in mailbox names were incorrectly converted
to UTF-7.
IMAPFilter 2.4.1 - 8 Dec 2011
- Bug fix; become_daemon() failure.
IMAPFilter 2.4 - 6 Dec 2011
- Support for non-ASCII mailbox names.
- New environment variable to set the configuration directory.
- Bug fix; parsing of some server responses was broken since the previous
release.
- Bug fix; the match_field() method matched on the whole header field,
instead of only the header field body.
- Bug fix; debug file check caused printing of a misleading error message.
- Bug fix; typo error in a configuration man page example.
IMAPFilter 2.3 - 6 Aug 2011
- Support for appending/uploading messages to mailboxes.
- Debug file option now takes filename argument.
- New simplified configuration and building procedure.
- Bug fix; in some cases a mailbox was incorrectly assumed selected.
- Bug fix; in some cases server capabilities needed update after login.
- Bug fix; timeout problem with CRAM-MD5 authentication.
- Bug fix; some servers send non-ASCII characters in their responses.
IMAPFilter 2.2.3 - 6 Mar 2011
- Project moved to GitHub.
- Changed file and directory structure.
- The next UID is returned as an additional return value of check_status().
- All processing methods now return a boolean based on their success.
- Bug fix; a lost connection is now handled better by trying to reconnect.
- Bug fix; in some cases in IDLE a message had arrived but was ignored.
- Bug fix; in some servers the initial IDLE reply wasn't handled correctly.
- Bug fix; typo errors in the documentation.
IMAPFilter 2.2.2 - 23 Jan 2010
- Bug fix; a couple of errors in the extending examples file.
IMAPFilter 2.2.1 - 20 Jan 2010
- A global option for the IDLE refreshing interval was added.
- Bug fix; more detailed reporting when SSL socket errors occur.
IMAPFilter 2.2 - 30 Dec 2009
- Support for combining searching methods in multiple mailboxes at the same
or different accounts and processing of the results in bulk.
- Support for meta-searching that allows searching on the previous searching
results.
- The processing and fetching methods were enhanced to reflect the new
changes and the documentation was updated.
- Global options for the message cache and the certificates were added.
- Bug fix; questions for certificates are not asked while in daemon mode, but
instead an error is printed.
* A different format is used for the returned structures of the searching
methods, due to the introduction of multiple mailbox searching and
meta-searching, and thus any configuration files that rely on them should
be updated. Consequently, the processing and fetching methods have been
also enhanced and the relevant documentation updated, and while these
changes are backwards compatible, an update of the configuration file is
still recommended.
IMAPFilter 2.1.2 - 3 Dec 2009
- Bug fix; cache for message parts didn't work correctly.
- Bug fix; documentation error.
IMAPFilter 2.1.1 - 24 Nov 2009
- Bug fix; global option timeout and enter_idle() didn't play well together.
IMAPFilter 2.1 - 23 Nov 2009
- Support for the IMAP IDLE extension (RFC 2177) through the enter_idle()
method.
- Support for fetching of a message's body structure through the
fetch_structure() method, and of a message's specific body part through the
fetch_parts() method.
- Addition of a global option that controls the character set used for all
the searching methods.
- Bug fix; fetching of non-existent messages.
- Bug fix; no trailing end-of-line characters in the results of
fetch_fields().
IMAPFilter 2.0.11 - 20 Sep 2009
- Bug fix; fetching of messages with empty body.
- Workaround for problematic IMAP server sending non-compliant mailbox status
information.
IMAPFilter 2.0.10 - 16 Feb 2008
- Bug fix; failed a great number (tens of thousands) of commands were
exchanged with an IMAP server.
- Bug fix; failed to fetch the body of some messages in some extremely rare
occasions.
- Bug fix; the description for the contain_header() method was clarified.
IMAPFilter 2.0.9 - 26 Dec 2007
- Bug fix; the match_*() methods failed to match messages.
- Bug fix; the match_*() methods failed with an error when no messages
matched.
- Bug fix; note added in the documentation about the need to use double
backslashes inside of regular expression patterns.
IMAPFilter 2.0.8 - 23 Dec 2007
- Bug fix; on some platforms it is necessary to link against the math library.
IMAPFilter 2.0.7 - 22 Dec 2007
- Bug fix; the match_*() methods failed with an error message.
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
Mail_Mie 1.8.8
* Fixed warning/notice on (static vs. non-static) PEAR::raiseError() usage
[alec]
* Fixed Bug #19761: PHP5 warnings about return by reference [alec]
* Fixed Bug #19770: Make cid generator more unique on Windows [alec]
* Fixed Bug #19987: E_STRICT warning when null is passed by reference [alec]
Changelog:
FIXED
Security fixes can be found here
Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Subject: [Dovecot-news] Released Pigeonhole v0.4.1 for Dovecot v2.2.4.
Date: Wed, 03 Jul 2013 22:15:31 +0200
To: dovecot-news@dovecot.org, Dovecot Mailing List <dovecot@dovecot.org>
Reply-To: dovecot@dovecot.org
Content-Transfer-Encoding: 7bit
Hello Dovecot users,
Now that I am not preoccupied anymore, I quickly release a new version
of Pigeonhole for Dovecot v2.2. This consists mainly of bug fixes. One
new feature is that the Sieve plugin will try to pass temporary
failures (e.g. from mail storage) back to LDA/LMTP as much as
possible. However, this change turned out a little bigger than I would
have liked, so experiment with it a bit before you deploy it in
production.
Changelog v0.4.1:
+ Added support for handling temporary failures. These are passed back
to LDA/LTMP to produce an appropriate response towards the MTA.
- Sieve storage: Removed PATH_MAX limitation for active symlink. This
caused problems for GNU/Hurd.
- Fixed line endings in X-Sieve headers added by redirect command.
- ManageSieve: Fixed '[' ']' stupidity for response codes (only
happened before login).
- Fixed setting name in example-config/conf.d/20-managesieve.conf.
- Sieve extprograms plugin: Fixed interaction between pipe command and
remote script service. The output from the script service was never
read, causing a broken pipe error at the script service. Apparently,
this was broken since the I/O handling for extprograms was last
revised.
- Fixed assertion failure due to datastack problem in message header
composition.
version 1.2.9 (which is old) is not available. Two improvements that
I noticed are:
1.) A remote DoS vulnerability (for which "pkgsrc" had a patch) has
been fixed.
2.) The SPF records for "gmail.com" are now accepted again.
