Pkgsrc changes:
- The package supports installation to DESTDIR.
- Shortened COMMENT (hint by pkglint).
- This is purely a Perl module.
Changes since version 0.34:
===========================
1.01 13 Mar 2007
- Increase CPANTS score.
Pkgsrc changes:
- The package supports installation to DESTDIR.
- This is purely a Perl module.
Changes since version 2.131:
============================
2.132 2007-03-22
packaging improvements
* The recursive download of remote folders was enabled.
* The quick search condition for each folder now persists between sessions.
* The selection now persists when the quick search condition is updated.
* SSL ports in Advanced tab of the account prefs dialog are now automatically
set when SSL is enabled.
* The '--open' command line option which open messages in new window was added.
* Quoted-printable or base64 encoding is now forced on PGP/MIME signing
instead of stripping trailing spaces
(except for the case of ISO-2022-JP encoding).
* The quoted-pair in From header is now processed correctly when displaying
its name.
* The performance of 'Mark all read' on IMAP folders was improved.
* The bug that the character '+' in address was treated as URI-escaped
space was fixed.
* Unix: the problem that 'Get' and 'Get all' button could not be clicked
after receiving while mouse pointer was over the buttons was fixed.
2.4.1:
* If shift or control key is pressed on address completion, only address
string is inserted now.
Pkgsrc changes:
- p5-Net-DNS not needed anymore.
Changes since version 2.82:
===========================
2.83 (May 8, 2007)
* Remove all uses of $' from code. This removes a global regex engine
slowdown. [issues.apache.org #5312]
* Comment out or replace shell commands with Perl equivalents. This
removes the prerequisites of uname(1) and GNU mkdir(1).
Pkgsrc changes:
- Software does not accept any version of p5-Crypt-OpenSSL-RSA anymore.
Changes since version 0.24:
===========================
* we now only sign headers that IETF recommends for signing
* it's now possible to "prettify" outgoing signatures, but this feature
is not enabled by default. To enable, do a "use Mail::DKIM::TextWrap"
in your program that signs messages. (This may change in a future
release.)
What's New in Thunderbird 2
* Message Tags: Create your own tags for organizing email. Messages can be
assigned any number of tags. Tags can be combined with saved searches and
mail views to make it easier to organize email.
* Visual Theme: Thunderbird 2's theme and user interface have been updated to
improve usability and maximize screen real estate.
* Session History Navigation: Back and Forward buttons allow navigation through
message history.
* Advanced Folder Views: Customize the folder pane to show favorite, unread or
recent folders.
* Easy Access to Popular Web Mail Services: Gmail and .Mac users can access
their accounts in Thunderbird by simply providing their user names and
passwords.
* Improved Support For Extensions: Extensions can now add custom columns to the
message list pane in addition to storing custom message data in the mail
database.
* Improved New Mail Notification Alerts: New mail alerts include information
such as the subject, sender and message preview text.
* Folder Summary Popups: Mouse over a folder with new messages to see a summary
of the new messages in that folder.
* Saved Search Folder Performance: Search results for saved search folders are
now cached, improving folder loading performance.
* Find As You Type: Finds and highlights message text as you type.
* Improved Filing Tools: Recent folder menu items for moving and copying
messages to recently used folders. Move / Copy again functionality.
* Updates to the Extension System: The extension system has been updated to
provide enhanced security and to allow for easier localization of extensions.
The Rumbling Edge has a more detailed list of notable bug fixes:
http://weblogs.mozillazine.org/rumblingedge/archives/2007/03/tb_2.html
2007/05/01 (thomasb)
----------
- Updated German, Euskara, Hungarian, Romanian and Spanish translation
- Added Hindi and Kurdish localization
2007/04/28 (thomasb)
----------
- LDAP access is back in address book (closes#1484087)
- Added search function for contacts
- New Template parsing and output encoding
- Fixed bugs #1484119 and #1483978
2007/04/08 (thomasb)
----------
- Fixed message moving procedure (closes#1484308)
- Fixed display of multiple attachments (closes#1466563)
- Fixed check for new messages (closes#1484310)
- List attachments without filename
2007/03/27 (thomasb)
----------
- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable.
Should close bugs #1483951 and #1484299
2007/03/23 (thomasb)
----------
- Correctly translate mailbox names (closes#1484276)
- Quote e-mail address links (closes#1484300)
2007/03/21 (thomasb)
----------
- Updated PEAR::Mail_mime package
- Added Persian localization
- Updated Catalan and Brazilian Portuguese translations
- Updated INSTALL manual with a note about database passwords
- Accept single quotes for HTML attributes when modifying message body (thanks Jason)
- Sanitize input for new users/identities (thanks Colin Alston)
2007/03/19 (thomasb)
----------
- Don't download HTML message parts
- Convert HTML parts to plaintext if 'prefer_html' is off
- Correctly parse message/rfc822 parts (closes#1484045)
- Code cleanup
2007/03/18 (thomasb)
----------
- Also use user_id for unique key in messages table (closes#1484074)
- Hide contacts drop down on blur (closes#1484203)
- Make entries in contacts drop down clickable
- Turn off browser autocompletion on login page
- Quote <? in text/html message parts
- Hide border around radio buttons
- Replaced old JS function calls.
2007/03/13 (thomasb)
----------
- Applied patch for attachment download by crichardson (closes#1484198)
- Fixed bug in Postgres DB handling (closes#1484068)
- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes#1484280)
- Fixed array_merge bug (closes#1484281)
- Fixed flag for deletion in list view (closes#1484264)
- Finally support semicolons as recipient separator (closes ##1484251)
- Fixed message headers (subject) encoding
pkgsrc changes:
* Make iconv and mbstring dependencies PKG_OPTIONS ("iconv" and "multibyte")
* Write logs and tempfiles under ${VARBASE}, not ${PREFIX}
* Cosmetic and pkglint-appeasing tweaks
Shortly after the release of SquirrelMail 1.4.10, a regression in the compose
form was discovered. Unfortunately the limited disclosure of security patches
does not allow for public testing, so this regression went unnoticed. We're
sorry for the inconvenience.
This version, 1.4.10 is a maintenance release, addressing
the following problems since 1.4.9a:
- Some security fixes (see below)
- Small enhancements
- A collection of bugfixes and stability enhancements
(see ChangeLog for a full list)
Security issues
===============
This release addresses security issues found since the release of 1.4.9a:
There's an ongoing battle to further secure the HTML filter against malicious
HTML mail and the browsers that accept almost any malformed piece of HTML.
This release contains fixes for the following:
- HTML attachments containing "data:" URLs;
- Internet Explorer in various versions accepts many permutations of HTML
and JavaScript in many charsets. We now properly canonicalize the incoming
HTML to us-ascii before applying further filters. IE only.
- Request forgery through images. It was possible to include "images" in
HTML mails which were in fact GET requests for the compose.php page sending
mail. These images are now properly detected, and the compose form will only
send mail through a POST request.
Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting
(parts of) these issues and working with us to get them resolved.
These are known as CVE-2007-1262. Further details on SquirrelMail
vulnerabilities can be found at the following address:
http://www.squirrelmail.org/security/
Moved portions of spamdyke's code from spamdyke.c into new .c and .h files to
make it a little easier to understand and maintain.
Added base64_encode() and base64_decode() to transfer data to/from base64
format.
Added md5() to produce an MD5 digest of a data block. Turns out this wasn't
necessary for spamdyke, only for test_smtpauth_crammd5. Oops.
Renamed the "make openbsd" command to "make bsd" since apparently all *BSD
distributions don't need -lresolv.
Renamed search_ip_file() to search_tcprules_file() and extended it to support
IP ranges, rDNS names and remote info like tcprules does (according to
http://cr.yp.to/ucspi-tcp/tcprules.html). This makes the IP black/
whitelist files much more flexible. This will be much handier in the next
version (AKA The Great Configuration Overhaul).
Modified middleman() and smtp_filter(), added exec_checkpassword() so spamdyke
can do SMTP AUTH, either by offering it itself or observing the qmail
traffic. LOGIN, PLAIN and CRAM-MD5 are supported.
Changed the STRLEN_ macros in spamdyke.h to use a single STRLEN() macro so the
preprocessor will count characters instead of doing it by hand. Much safer
this way.
Removed "-a"'s (max number of recipients per message) dependence on "-d"
(local domains file). With SMTP AUTH, the local access file and whitelists,
this shouldn't be necessary.
Added process_access() to process local access files (e.g. /etc/tcp.smtp) and
export environment variables based on the source of the incoming connection.
Added relay prevention based on the content of the local access file(s) and
the list(s) of local domains. Connections from remote sources that are
granted relay permission in the access file(s) are allowed to relay. Users
who authenticate with SMTP AUTH are allowed to relay. All others must send
to local addresses only.
Added a series of test scripts to exercise all of spamdyke's filters and
options. This should make it easier to regression test new versions.
Changed search_file() and search_tcprules_file() to compare domain names in a
case insensitive manner.
Changed canonicalize_path() to reduce all file paths to lowercase. This was
causing graylisting to be inconsistant. Reported by bcarr@purgatoire.org.
pkglintification
Remove bdb option (this has been removed from src)
Rename some options as they are (currently) DSPAM specific
Change MASTER_SITES
Fix permissions on installed files
Thanks to xtraeme@ for reviewing the changes
* jonz: removed depricated oracle driver
* jonz: fix for dynamic storage drivers api
* jonz: added connect check for pgsql
* jonz: fix for segfault on undefined DeliveryHost or ClientHost
* jonz: fix for segfault in vsyslog()
* jonz: fix for segfault in dlopen() failure
* jonz: added OSB tokenizer
* jonz: fix for segfault on log write err
* jonz: segfault fix for UIDInSignature
See the CHANGELOG for all the details:
http://dspam.nuclearelephant.com/text/CHANGELOG-3.8.0.txt
Google mail, into the Packages Collection.
The libgmail project is a pure Python binding to provide access to
Google's Gmail web-mail service.
The library allows the user to log into an account, retrieve a list of
threads, display information about them and display the source of the
individual messages.
In addition, the library allows the user to:
Archive Gmail messages to mbox format
Use your Gmail account as a SMTP server
Use your Gmail account as a POP server
Use your Gmail account as a FTP server!
Alpine is the replacement for the Pine email and news client.
Alpine is a screen-oriented message-handling tool. In its default
configuration, Alpine offers an intentionally limited set of
functions geared toward the novice user, but it also has a large
list of optional "power-user" and personal-preference features.
This package currently only installs the alpine binary, excluding
the pilot and pico binaries which would cause it to conflict with
the pine package.
2007-04-25 Jeffrey Stedfast
* README: Bumped version
* configure.in: Bumped version to 2.2.8
* tests/test-pgp.c: Test exporting of keys.
* gmime/gmime-utils.c (rfc2047_decode_word): Fixed compile
warnings.
* gmime/gmime-stream-file.c (stream_reset): Removed an unused
variable.
* gmime/gmime-charset.c (g_mime_charset_can_encode):
s/if (mask->level = 1)/if (mask->level == 1)/
2007-04-23 Jeffrey Stedfast
* README: Bumped version
* configure.in: Bumped version to 2.2.7
2007-04-14 Jeffrey Stedfast
* gmime/*.c (g_mime_*_get_type): Set n_preallocs to 0.
2007-04-12 Jeffrey Stedfast
* gmime/*.c: no need for a second NULL argument to g_object_new()
* util/cache.c (cache_new): Change max_size and node_size to be of
type size_t.
* gmime/gmime-multipart-encrypted.c
(g_mime_multipart_encrypted_new): g_object_new() doesn't need a
second NULL argument.
* gmime/gmime-utils.c (decode_8bit): Close the iconv descriptor
and since we are using is_ascii() now, we don't need to use
unsigned char *'s.
2007-04-12 Jeffrey Stedfast
* gmime/gmime-utils.c (decode_8bit): Use is_ascii().
(g_mime_utils_header_decode_text): Same.
(g_mime_utils_header_decode_phrase): Here too.
* gmime/gen-table.c: Added a is_ascii() macro for use instead of
the ctype isascii() so that I don't have to worry about casting.
2007-04-11 Jeffrey Stedfast
Revision 1119 (previous commit) made the following 2 functions
even less attractive than they already were, so I decided to
rewrite them especially since it wasn't hard to find a far cleaner
approach.
* gmime/gmime-utils.c (g_mime_utils_header_decode_text): Rewritten
to be cleaner, faster, and more elegant.
(g_mime_utils_header_decode_phrase): Same.
2007-04-11 Jeffrey Stedfast
Fixes for bug #423760 and bug #342196
* gmime/gmime-charset.c (g_mime_charset_can_encode): New
convenience function to check whether a length of UTF-8 text can
be converted into the specified charset.
(g_mime_set_user_charsets): New function allowing an application
to provide GMime with a list of user-preferred charsets to use for
encoding and decoding headers.
(g_mime_user_charsets): New function to get the list of
user-preferred charsets.
* gmime/gmime-utils.c (decode_8bit): New function to convert
arbitrary 8bit text into UTF-8 using the charset list provided by
g_mime_user_charsets().
(rfc2047_decode_word): Don't assume that just because the declared
charset is UTF-8 that it actually is in UTF-8.
(rfc2047_decode_word): If we can't open a converter for the
declared charset to UTF-8 or if we can't convert from the declared
charset into UTF-8, fall back to using decode_8bit().
(g_mime_utils_header_decode_text): Convert 8bit word tokens into
UTF-8 using decode_8bit().
(g_mime_utils_header_decode_phrase): Same.
(rfc2047_encode_word): Be a little more efficient about removing
'\n' chars...
(rfc2047_encode): When encoding a level-2 word cluster, attempt to
fit the cluster within a charset provided by
g_mime_user_charsets() rather than using GMime's best-fit charset
table (unless, of course, it doesn't fit within any of the
user-specified charsets).
2007-03-28 Jeffrey Stedfast
* gmime/gmime-iconv-utils.c (g_mime_iconv_strndup): No need to
cast out to a char *, it already is.
* gmime/gmime-stream-mem.c (g_mime_stream_mem_set_byte_array):
Only free the previous memory buffer if we were the owner.
Pkgsrc changes:
- Removed PKG_DESTDIR_SUPPORT until the issue with encoded ownership in
+INSTALL files is resolved.
- made pkglint shut up about some warnings (CONFIGURE_DIRS, BUILD_DIRS,
hidden commands with @)
- parse-rules-for-masses has moved in the source archive.
- The directories "masses" and "tools" are no longer distributed in the
archive so I simplified the post-install target.
- Since "tools" is gone, the post-extract: target is obsolete.
- MESSAGE now points at sa-compile.
- Spamc depends on zlib now, so we needed the appropriate buildlink3 file.
Summary of changes since version 3.1.8:
=======================================
* new behavior for trusted_networks/internal_networks: the 127.* network
is now always considered trusted and internal, regardless of configuration.
* bug 3109: short-circuiting of 'definite ham' or 'definite spam' messages
based on individual short-circuit rules using the 'shortcircuit' setting,
by Dallas Engelken <dallase /at/ uribl.com>.
* bug 5305: implement 'msa_networks', for ISPs to specify their Mail
Submission Agents, and extend network trust accordingly.
* bug 4636: Add support for charset normalization, so rules can be written
in UTF-8 to match text in other charsets.
* sa-compile: compilation of SpamAssassin rules into a fast parallel-matching
DFA, implemented in native code.
* "tflags multiple": allow writing of rules that count multiple hits in a
single message.
* bug 4363: if a message uses CRLF for line endings, we should use it as
well, otherwise stay with LF as usual; important for Windows users.
* bug 4515: content preview was omitting first paragraph when no Subject:
header was present.
* The third-party modules used by sa-update are now required by the
SpamAssassin package, instead of being optional.
* Bug 5165: 'sa-update --checkonly' added to check for updates without
applying them; thanks to <anomie /at/ users.sourceforge.net>
* Bugs 4606, 4609: Adjust MIME parsing limits for nested multipart/* and
message/rfc822 MIME parts.
* bug 5295: add 'whitelist_auth', to whitelist addresses that send mail
using sender-authorization systems like SPF, Domain Keys, and DKIM
* Removed dependency on Text::Wrap CPAN module.
* Received header parsing updates/fixes/additions.
Spamc / spamd:
* bug 4603: Mail::SpamAssassin::Spamd::Apache2 -- mod_perl2 module,
implementing spamd as a mod_perl module, contributed as a Google Summer of
Code project by Radoslaw Zielinski.
* bug 3991: spamd can now listen on UNIX domain, TCP, and SSL sockets
simultaneously. Command-line semantics extended slightly, although fully
backwards compatibly; add the --ssl-port switch to allow TCP and SSL
listening at the same time.
* bug 3466: do Bayes expiration, if required, after results have been
passed back to the client from spamd; this helps avoid client timeouts.
* more complete IPv6 support.
* spamc: Add '-K' switch, to ping spamd.
* spamc: add '-z' switch, which compresses mails to be scanned using
zlib compression; very useful for long-distance use of spamc over the
internet.
* bug 5296: spamc '--headers' switch, which scans messages and transmits
back just rewritten headers. This is more bandwidth-efficient than the
normal mode of scanning, but only works for 'report_safe 0'.
* Bump spamd's protocol version to 1.4, to reflect new HEADERS verb used
for '--headers'.
Mail::SpamAssassin modules and API:
* bug 4589: allow M::SA::Message to use IO::File objects to read in
message (same as GLOB).
* bug 4517: rule instrumentation plugin hooks, to measure performance,
from John Gardiner Myers <jgmyers /at/ proofpoint.com>.
* add two features to core rule-parsing code; 1. optional behaviour to
recurse through subdirs looking for .cf/.pre's, to support rules compilers
working on rulesrc dir. 2. call back into invoking code on lint failure,
so rule compiler can detect which rules exactly fail the lint check.
* bug 5206: detect duplicate rules, and silently merge them internally
for greater efficiency.
* bug 5243: add Plugin::register_method_priority() API, allowing plugins
to control the relative ordering of plugin callbacks relative to other
plugins' implementations.
* Reduced memory footprint.
Plugins:
* bug 5236: Support Mail::SPF replacement for Mail::SPF::Query.
* bug 5127: allow mimeheader :raw rules to match newlines and folded-header
whitespace in MIME header strings.
* bug 4770: add ASN.pm plugin, contributed by Matthias Leisi <matthias at
leisi.net>
* bug 5271: move ImageInfo ruleset into 3.2.0 core rules, thanks to
Dallas Engelken <dallase /at/ uribl.com>.
* VBounce ruleset and plugin: detect spurious bounce messages sent by
broken mail systems in response to spam or viruses. (Based on Tim
Jackson's "bogus-virus-warnings.cf" ruleset.)
* DomainKeys/DKIM: Mail::DKIM is now preferred over Mail::DomainKeys,
since the latter module is no longer actively maintained, and Mail::DKIM
can handle both DomainKeys and DKIM signatures.
* DKIM: separate signature verification from fetching a policy: can save
a DNS lookup for each unverified message by setting score to 0 for all
policy-related rules (DKIM_POLICY_SIGNALL, DKIM_POLICY_SIGNSOME, and
DKIM_POLICY_TESTING). (thanks to Mark Martinec)
* DKIM: support testing flags in the public key, as well as in the policy
record. (thanks to Mark Martinec)
* DKIM: skip fetching a policy (SSP) if a signature does verify, according
to draft-allman-dkim-ssp-02 (thanks to Mark Martinec)
* Move rule functionality and checking into separate Check plugin, allowing
third parties to implement alternative scanner core algorithms.
* core EvalTests code moved into various plugins.
* Plus lots of miscellaneous bug fixes.
20070331
Bugfix (introduced Postfix 2.3): segfault with HOLD action
in access/header_checks/body_checks on 64-bit platforms.
File: cleanup/cleanup_api.c.
20070402
Portability (introduced 20070325): the fix for hardlinks
and symlinks in postfix-install forgot to work around shells
where "IFS=/ command" makes the IFS setting permanent. This
is allowed by some broken standard, and affects Solaris.
File: postfix-install.
Portability (introduced 20070212): the workaround for
non-existent library bugs with descriptors >= FD_SETSIZE
broke with "fcntl F_DUPFD: Invalid argument" on 64-bit
Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c.
20070421
Cleanup: on (Linux) platforms that cripple signal handlers
with deadlock, "postfix stop" now forcefully stops all the
processes in the master's process group, not just the master
process alone. File: conf/postfix-script.
