| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
|
|
Upstream changes:
2.213 2017-01-11 09:21:54-05:00 America/New_York
- no changes since v2.212
2.212 2016-12-18 20:05:09-05:00 America/New_York (TRIAL RELEASE)
- add an $index arg to ->header to get the nth header (thanks, Pali
Roh獺r)
|
|
Build fix for NetBSD-7.99.59.
|
|
2017-01-13 Richard Russon <rich@flatcap.org>
* Features
- Allow custom status flags in index_format
- $from_chars highlights differences in authorship
- notmuch: make 'Folder' and 'Tags' respect (un)ignore
- notmuch: add "virtual-unmailboxes" command
* Bug Fixes
- pick smarter default for $sidebar_divider_char
- status color breaks "mutt -D"
- Enable reconstruct-thread in the pager
- manually touch 'atime' when reading a mbox file
- allow $to_chars to contain Unicode characters
- increase the max lmdb database size
- restore limit current thread
- don't reset the alarm unless we set it
- some more places that may get NULL pointers
- rework initials to allow unicode characters
* Translations
- Spanish translation
- German translation
* Docs
- Improve whitespace and grammar on the NNTP feature page
- make $to_chars docs more legible
- de-tab the DocBook
- fix 301 redirects
* Build
- New configure option --enable-everything
- add a constant for an aborted question
- enhance mutt_to_base64() (and callers)
- Fix configure.ac to require md5 if hcache is enabled
- Bail if a selected hcache backend cannot be found
- refactor mutt_matches_ignore
- fix hcache + make dist
- add unicode string helper function
- Re-indent configure.ac
- generate devel version suffix
- fix check_sec.sh warnings
- remove unnecessary #ifdef's
- add missing #ifdef for nntp
- ignore some configure temp files
- fix "make dist" target
- fix function prototypes
- fix coverity warnings
- notmuch: drop strndup, replace with mutt_substrdup
* Upstream
- Fix failure with GPGME 1.8: do not steal the gpgme_ prefix.
- search muttrc file according to XDG Base Specification (closes #3207)
- Improve openssl interactive_check_cert. (closes #3899)
- Add mutt_array_size macro, change interactive_check_cert() to use it. (see #3899)
- Return to pager upon aborting a jump operation. (closes #3901)
- Change sidebar_spoolfile coloring to be lower precedence.
- Move '@' pattern modifier documentation to the right section.
- Add setenv/unsetenv commands.
- Rework OpenSSL certificate verification to support alternative chains. (closes #3903)
- Add option to control whether threads uncollapse when new mail arrives.
- In the manual, replaced 2 para by example (similar to the first example).
- Create mbchar_table type for multibyte character arrays. (see #3024)
- Make to_chars and status_chars accept mulitibyte characters. (closes #3024)
|
|
|
|
Notmuch 0.23.5 (2017-01-09)
===========================
Build system
------------
Fix quoting bug in configure. This had introduced a RUNPATH into the
notmuch binary in cases where it was not not needed.
|
|
- fix plaintext version of docs not generated correctly. Thanks: Elijah.
- fix `getmail --fingerprint` not logging server TLS fingerprint
correctly with SimplePOP3SSLRetriever. Thanks: Gabriel Kihlman.
|
|
https://github.com/pjz/TMDAng is ported to Python 3.4, named "TMDAng"
with the original upstream author's permission, and packaged for pypi.
Anyone interested in maintaining the package would do well to take a look.
|
|
options, respectively. Bump version.
|
|
"sasl" option. Bump PKGREVISION.
|
|
|
|
- Add qmailofmipd service for outgoing submissions.
- Add dependencies on mess822, spamdyke, and stunnel.
- Add sample spamdyke and stunnel configs for SMTP AUTH over TLS.
- Control ofmipd from the main qmail script.
- Fix broken link to "12 Steps to qmail List Bliss".
|
|
|
|
swaks' primary design goal is to be a flexible, scriptable, transaction-
oriented SMTP test tool. It handles SMTP features and extensions such as
TLS, authentication, and pipelining; multiple version of the SMTP
protocol including SMTP, ESMTP, and LMTP; and multiple transport methods
including unix-domain sockets, internet-domain sockets, and pipes to
spawned processes. Options can be specified in environment variables,
configuration files, and the command line allowing maximum
configurability and ease of use for operators and scripters.
|
|
|
|
|
|
* Sync with thunderbird-45.6.0
|
|
Changelog:
Fixed The system integration dialog was shown every time when starting Thunderbird
Fixed Various security fixes
Security vulnerabilities fixed in Thunderbird 45.6
#CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
#CVE-2016-9895: CSP bypass using marquee tag
#CVE-2016-9897: Memory corruption in libGLES
#CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
#CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
#CVE-2016-9904: Cross-origin information leak in shared atoms
#CVE-2016-9905: Crash in EnumerateSubDocuments
#CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
|
|
Upstream changes:
0.903 2016-11-17
- PLEASE CONSIDER USING EMAIL-SENDER INSTEAD
- Fixed an errant extra test requirement, GH #3. Thanks, Paul.
- Marked the entire dist as DEPRECATED as it should no longer be used.
|
|
|
|
|
|
|
|
|
|
- Added ability for rbl plugin to capture messages before rejecting them.
- Fixed broken use of -lbg-sysdeps in modules.
- Fixed missing plugin-rbl in installed image.
- Updated for bglibs v2
- Added new "rbl" plugin, to block messages from IPs in an RBL.
- Added new "queuedir" backend, to save messages to simple files.
- Make sure plugin reset functions get called before exiting.
- Added missing plugin-starttls-ucspi to installed files.
- Added support for limiting the number of messages to plugin-counters.
- This version updates the plugin API to add new features:
- Capabilities reported by the SMTP EHLO response can be added by
plugins.
- Plugins are passed any SMTP parameters given with the sender and
recipient commands.
- Plugins can add new commands to the SMTP protocol.
Plugins compiled for previous versions of mailfront will not work
without recompiling. The short-circuit on accept logic has also been
eliminated to fix a semantic issue.
- SMTP AUTH support has been moved into a new plugin, cvm-authenticate.
Existing installations relying on SMTP AUTH support will need to make
sure they are using this new plugin. The smtpfront-qmail wrapper
has been modified to provide this additional plugin.
- Fixed plugin-add-received to add the "IPv6:" prefix in the Received:
header when the protocol is TCP6.
- Added plugin starttls-ucspi to implement STARTTLS using ucspi-tls.
- SMTP AUTH can now be restricted to TLS-enabled sessions.
- Added controls for pop3front-auth to limit the number of USER commands
and authentication failures allowed per session.
- Added control to imapfront-auth to limit the number of authentication
failures allowed per session.
- Modified the clamav plugin to use the newer INSTREAM protocol.
- imapfront-auth now sets $DOVECONF_ENV in Dovecot mode in order to
avoid having Dovecot imapd reset it through doveconf.
- Added Lua scripting plugin (optional, build with 'make lua').
- Modified the qmail backend to evaluate $QMAILQUEUE as late as possible.
This allows more options for changing $QMAILQUEUE in plugins.
- Added support for running Dovecot IMAP from imapfront-auth.
See imapfront.html for details on how to set this up.
- Added support for rejecting whole messages when the recipient count is
exceeded in plugin-counters.
- Made the check-fqdn plugin explicitly reject empty recipients.
- Added a sender domain restriction to the check-fqdn plugin.
- Added missing plugin-spamassassin.so to installation.
- Fix bug in handling invalid message numbers in retrieving messages in
pop3front-maildir.
- Added a SpamAssassin scanning plugin.
- Optimized pop3front-maildir to avoid stat'ing each message twice, and
to use sizes recorded in the filename to avoid stat'ing entirely.
See pop3front.html for details on the filenames.
pkgsrc changes:
- Libtoolize to fix build on OS X.
|
|
|
|
- Updated for bglibs v2.
- Fixed the authenticated test when used with Courier IMAP.
- Tweaked relay-ctrl-allow to only try to save a handle to the current
working directory if it's going to execute another command later.
- Added support for logging environment settings in relay-ctrl-check.
|
|
|
|
|
|
|
|
|
|
|
|
Notmuch 0.23.4 (2016-12-24)
===========================
Command Line Interface
----------------------
Improve error handling in notmuch insert
Database lock errors no longer prevent message file delivery to the
filesystem. Certain errors during `notmuch insert` most likely to
be temporary return EX_TEMPFAIL.
Emacs
-----
Restore autoload cookie for notmuch-search.
|
|
Security update to address CVE-2016-9963
Exim version 4.88
-----------------
JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
supports it and a size is available (ie. the sending peer gave us one).
JH/02 The obsolete acl condition "demime" is removed (finally, after ten
years of being deprecated). The replacements are the ACLs
acl_smtp_mime and acl_not_smtp_mime.
JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
a downgraded non-dane trust-anchor for the TLS connection (CA-style)
or even an in-clear connection were permitted. Now, if the host lookup
was dnssec and dane was requested then the host is only used if the
TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
if one fails this test.
This means that a poorly-configured remote DNS will make it incommunicado;
but it protects against a DNS-interception attack on it.
JH/04 Bug 1810: make continued-use of an open smtp transport connection
non-noisy when a race steals the message being considered.
JH/05 If main configuration option tls_certificate is unset, generate a
self-signed certificate for inbound TLS connections.
JH/06 Bug 165: hide more cases of password exposure - this time in expansions
in rewrites and routers.
JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
and logged a warning sing 4.83; now they are a configuration file error.
JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
(lacking @domain). Apply the same qualification processing as RCPT.
JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
JH/10 Support ${sha256:} applied to a string (as well as the previous
certificate).
JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
a cutthrough deliver is pending, as we always want to make a connection.
This also avoids re-routing the message when later placing the cutthrough
connection after a verify cache hit.
Do not update it with the verify result either.
JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
when routing results in more than one destination address.
JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
signing (which inhibits the cutthrough capability). Previously only
the presence of an option was tested; now an expansion evaluating as
empty is permissible (obviously it should depend only on data available
when the cutthrough connection is made).
JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
the relevant preceding SMTP command did not note the pipelining mode.
JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
Previously they were not counted.
JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
as one having no matching records. Previously we deferred the message
that needed the lookup.
JH/17 Fakereject: previously logged as a norml message arrival "<="; now
distinguished as "(=".
JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
for missing MX records. Previously it only worked for missing A records.
JH/19 Bug 1850: support Radius libraries that return REJECT_RC.
JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
after the data-go-ahead and data-ack. Patch from Jason Betts.
JH/21 Bug 1846: Send DMARC forensic reports for reject and quaratine results,
even for a "none" policy. Patch from Tony Meyer.
JH/22 Fix continued use of a connection for further deliveries. If a port was
specified by a router, it must also match for the delivery to be
compatible.
JH/23 Bug 1874: fix continued use of a connection for further deliveries.
When one of the recipients of a message was unsuitable for the connection
(has no matching addresses), we lost track of needing to mark it
deferred. As a result mail would be lost.
JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO.
JH/25 Decoding ACL controls is now done using a binary search; the source code
takes up less space and should be simpler to maintain. Merge the ACL
condition decode tables also, with similar effect.
JH/26 Fix problem with one_time used on a redirect router which returned the
parent address unchanged. A retry would see the parent address marked as
delivered, so not attempt the (identical) child. As a result mail would
be lost.
JH/27 Fix a possible security hole, wherein a process operating with the Exim
UID can gain a root shell. Credit to http://www.halfdog.net/ for
discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim
itself :(
JH/28 Enable {spool,log} filesystem space and inode checks as default.
Main config options check_{log,spool}_{inodes,space} are now
100 inodes, 10MB unless set otherwise in the configuration.
JH/29 Fix the connection_reject log selector to apply to the connect ACL.
Previously it only applied to the main-section connection policy
options.
JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
by me. Added RFC7919 DH primes as an alternative.
PP/02 Unbreak build via pkg-config with new hash support when crypto headers
are not in the system include path.
JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
GnuTLS, when a session startup failed (eg because the client disconnected)
Exim did stdio operations after fclose. This was exposed by a recent
change which nulled out the file handle after the fclose.
JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is
signed directly by the cert-signing cert, rather than an intermediate
OCSP-signing cert. This is the model used by LetsEncrypt.
JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT.
HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
an incoming connection.
HS/02 Bug 1802: Do not half-close the connection after sending a request
to rspamd.
HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
fallback to "prime256v1".
JH/34 SECURITY: Use proper copy of DATA command in error message.
Could leak key material. Remotely explaoitable. CVE-2016-9963.
ok wiz@
|
|
|
|
|
|
|
|
This will create two sendmail service instances, :mta and :msp, to start
the two sendmail instances that are usually required. The :mta instance
optionally depends on spamassassin and spamass-milter.
|
|
|
|
|
|
- The 'isync' compatibility wrapper is now deprecated.
- An IMAP Path/NAMESPACE rooted in INBOX won't be handled specially any more.
This means that some Patterns may need adjustment.
- The default output is a lot less verbose now.
The meanings of the -V and -D options changed significantly.
- The SSL/TLS configuration has been re-designed.
SSL is now explicitly enabled or disabled - "use SSL if available" is gone.
Notice: Tunnels are assumed to be secure and thus default to no SSL.
- Support for SASL (flexible authentication) has been added.
- Support for Windows file systems has been added.
- Support for compressed data transfer has been added.
- Folder deletions can be propagated now.
|
|
|
|
|
|
* dovecot.list.index.log rotation sizes/times were changed so that
the .log file stays smaller and .log.2 is deleted sooner.
+ Added mail_crypt plugin that allows encryption of stored emails.
See http://wiki2.dovecot.org/Plugins/MailCrypt
+ stats: Global stats can be sent to Carbon server by setting
stats_carbon_server=ip:port
+ imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send
ID/XCLIENT
+ Added generic hash modifier for %variables:
%{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field}
Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
local_name *.example.com { .. } matches anything.example.com, but
not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and
authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing
"Missing middle file seq=.." to be logged and index rebuild.
This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This
is because 3 bytes per email were being wasted that could have been
used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input
(e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected
inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different
quota roots.
- search: Multiple sequence sets or UID sets in search parameters
weren't handled correctly. They were incorrectly merged together.
|
|
|
|
Notmuch 0.23.3 (2016-11-27)
===========================
Command Line Interface
----------------------
Treat disappearing files during notmuch new as non-fatal.
Test Suite
----------
Fix incompatibility (related to signature size) with gnupg 2.1.16.
|
|
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
|
|
|
|
|
