| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
3.1.1 (2020-09-16)
- Fixed bug #74215: Memory leaks with mailparse (cmb)
- Fixed bug #76498: Unable to use callable as callback (cmb)
- Compatibility with 8.0.0beta4
|
|
Changelog:
What's new in notmuch 0.31.3
=========================
Bindings
--------
Fix for exclude tags in notmuch2 bindings.
Build
-----
Portability update for T360-symbol-hiding
Library
-------
Fix for memory error in notmuch_database_get_config_list
|
|
|
|
* Sync with mail/thunderbird-78.6.0.
|
|
* Fix build with devel/cbindgen-0.16.0.
Changelog:
New
MailExtensions: Added browser.windows.openDefaultBrowser()
Changes
Thunderbird now only shows quota exceeded indications on the main window
MailExtensions: menus API enabled in messages being composed
MailExtensions: Honor allowScriptsToClose argument in windows.create API
function
MailExtensions: APIs that returned an accountId will reflect the account the
message belongs to, not what is stored in message headers
Fixes
Keyboard shortcut for toggling message "read" status not shown in menus
OpenPGP: After importing a secret key, Key Manager displayed properties of the
wrong key
OpenPGP: Inline PGP parsing improvements
OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux
OpenPGP: Encrypted attachment "Decrypt and Open/Save As" did not work
OpenPGP: Importing keys failed on macOS
OpenPGP: Verification of clear signed UTF-8 text failed
Address book: Some columns incorrectly displayed no data
Address book: The address book view did not update after changing the name
format in the menu
Calendar: Could not import an ICS file into a CalDAV calendar
Calendar: Two "Home" calendars were visible on a new profile
Calendar: Dark theme was incomplete on Linux
Dark theme did not apply to new mail notification popups
Folder icon, message list, and contact side bar visual improvements
MailExtensions: HTTP refresh in browser content tabs did not work
MailExtensions: messageDisplayScripts failed to run in main window
Various security fixes
Security fixes:
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6
|
|
|
|
This release fixes a few assorted bugs. Unfortunately, one of those (for
large-file support) required a change to the header cache structures; so
your header cache files will need to regenerate when opening each mailbox.
|
|
|
|
Errors immediately on startup.
File "/usr/pkg/share/newspipe/newspipe.py", line 496
except HTTPError, e:
^
SyntaxError: invalid syntax
Bump PKGREVISION.
|
|
Reset PKGREVISION by updating to 1.4.10.
|
|
Update roundcube to 1.4.10, including security fix.
RELEASE 1.4.10
--------------
- Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655)
- Fix folder list issue whan special folder is a subfolder (#7647)
- Fix Elastic's folder subscription toggle in search result (#7653)
- Fix state of subscription toggle on folders list after changing folder state from the search result (#7653)
- Security: Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730]
|
|
|
|
Change since 1.3.1 from RELEASE_NOTES
1.4.0 2018/06/??
Add ARC support. Extensive work contributed by ValiMail.
Add "DomainWhitelist" and "DomainWhitelistFile" config options.
Extract client IP address for ARC reports when provided via
Authentication-Results.
Update SQL schema to support new reporting functionality for DKIM
selectors and ARC local policy overrides (refer to the example
schema.mysql file).
Add experimental support for reporting of ARC local policy overrides.
Add support for recording and reporting of DKIM selectors.
Override a DMARC "fail" if an ARC "pass" is recorded in conjunction with
an ARC policy pass.
Fix bug #137: Handle base64 inside AR tokens that are values.
Problem reported by Joseph Coffland.
LIBOPENDMARC: Fix bug #203: Reject DMARC records that have duplicate
tags in them. Reported by Dirk Stoecker.
REPORTS: Feature request #146: Add option to pull input from a file.
REPORTS: Fix bug #153: Suppress duplicate results from the same
domain. Patch from Tomki Camp.
1.3.2 2017/03/04
Feature request #86: Change meaning of "RequiredHeaders" such that
header validity is always checked, but messages are only
rejected on that basis when the flag is set. Based
on a patch from Andreas Schulze.
Feature request #127: Log SPF results when rejecting. Requested
by Patrick Wagner; patch from Andreas Schulze, follow-up
patch from Juri Haberland.
Feature request #138: Inculde policy and disposition information
in an Authentication-Results comment. Based on a patch
from Juri Haberland.
Feature request #139: Include the client host name if known
in failure reports. Suggested by Roland Turner;
patch by Andreas Schulze.
Fix bug #95: Assume IPv6 for SPF operations. Patch from Juri Haberland.
Fix bug #120: Fix control logic around the SPF result.
Reported by Christophe Wolfhugel; patch from Andreas Schulze.
Fix bug #122: Don't skip the HELO milter phase when SPF is enabled.
Reported by Christophe Wolfhugel.
Fix bug #157: Fix logging of implicit authserv-ids. Reported
by Andreas Schulze; patch from Juri Haberland.
Fix bug #158: Log ignored connections. Patch from Andreas Schulze.
Fix bug #160: Fix "SyslogFacility" handling. Patch from
Juri Haberland.
Fix bug #163: Use a larger buffer for the raw MAIL FROM value.
Based on a patch from Andreas Schulze.
Fix bug #174: Trim "!" suffixes from reporting addresses. Problem
noted by Juri Haberland.
Fix bug #186: When reloading the configuration file, the public
suffix list was read in with the wrong comment indicator.
Patch from Federico Omoto.
Fix bug #194: Fix inappropriate DMARC status when "p=none" is
discovered. Patch from Juri Haberland.
Fix bug #195: When parsing Received-SPF, use the correct constants
in the history file entries. Patch from Juri Haberland.
LIBOPENDMARC: Fix bug #115: Fix type mismatch. Patch from
Sebastian A. Siewior via Scott Kitterman.
LIBOPENDMARC: Fix bug #121: Fix IPv6 CIDR matching in SPF code.
Patch from Christophe Wolfhugel.
LIBOPENDMARC: Fix bug #125: Compile time IPv6 fix. Reported by
Christophe Wolfhugel.
LIBOPENDMARC: Fix bug #131: Fix alignment bug. Patch from
Andreas Schulze.
LIBOPENDMARC: Fix bug #147: Fix stripping of whitespace from
DMARC DNS records. Based on a patch from Job Noorman.
LIBOPENDMARC: Fix bug #149: Apply "sp" setting, if present and
applicable. Patch from Petr Novak.
LIBOPENDMARC: Fix bug #154: Fix "rf" and "fo" processing logic.
LIBOPENDMARC: Fix bug #156: Fix variable name. Patch by
Andreas Schulze.
LIBOPENDMARC: Fix bug #165: Fix logic in checking which SPF
identifier was used. Patches from Marco Favero and
Juri Haberland.
LIBOPENDMARC: Fix bug #167: Don't return "fail" when we should
return "none". Patch from Marco Favero.
REPORTS: Fix bug #134: Handle SMTP errors correctly. Patch from
Andreas Schulze.
REPORTS: Fix bug #141: Set the HELO parameter correctly.
Reported by Alan Smith; patch from Andreas Schulze.
REPORTS: Fix bug #143: Fix logic in table truncation.
Reported by Wayne Andersen; patch from Juri Haberland.
REPORTS: Fix bug #162: Always report "sp" in aggregate reports.
Patch from Juri Haberland.
REPORTS: Fix bug #166: Fix report start/end time logic.
Patch from Juri Haberland.
REPORTS: Fix bug #188: Don't delete inputs too early in
opendmarc-reports. Patch from Juri Haberland.
TOOLS: Fix bug #161: "Forensic" reports were renamed "Failure"
reports. Patch from Andreas Schulze.
TOOLS: Fix bug #164: Handle IPv6 test addresses. Reported by
Andreas Schulze; patch from Juri Haberland.
DOCS: Patch #189: Replace the DMARC RFC with an HTML page
referencing the relevant specs, since Debian doesn't
consider RFCs to be "free". Patch from Scott Kitterman
via Juri Haberland.
|
|
|
|
- fix example spamc arguments in FAQ. Thanks: Christoph Scholzen.
- document exit codes in manpages. Thanks: Langenxx Feld.
|
|
|
|
- qmail-qfilter-{ofmipd,smtpd}-queue: Remove after 2 years' deprecation.
If you're using these, please switch to qmail-qfilter-queue.
- qmail-qfilter-viruscan: Optionally build with qmail-queue-custom-error
support, returning the same error message as Russ Nelson's original
viruscan patch.
- qmail-qfilter-queue.8, qmail-rcptcheck.8: Add an ERRORS section.
|
|
Bump version.
|
|
- fixsmtpio: Fix segfault by making sure eventq_get() returns a
free()-able string.
|
|
Darwin doesn't install include files in ${KRB5BASE}
(They are in the SDK instead)
therefore let fetchmail use krb5-config to determine how to
link against kerberos
|
|
under TLS. Bump version.
|
|
- reup: Delete, because retrying AUTH has been broken ever since TLS was
added to authup.
- authup: Fix AUTH retries under TLS by inlining the retry logic.
- fixsmtpio: Fix process-management bugs in "Ensure STARTTLS resets all
state by restarting qmail-smtpd."
- Manual pages: considerably improve clarity of authup(8) and
fixsmtpio(8). Mention s6-ucspitlsd, a new UCSPI-TLS server
implementation coming soon to s6-networking.
|
|
2020-11-27 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Fix crash when saving an alias
* Translations
- 70% Russian
* Code
- Remove redundant function call
|
|
|
|
* Sync with mail/thunderbird-78.5.1.
|
|
Changelog:
What's New
OpenPGP: Added option to disable email subject encryption
Changes
OpenPGP public key import now supports multi-file selection and bulk accepting imported keys
MailExtensions: getComposeDetails will wait for "compose-editor-ready" event
Fixes
New mail icon was not removed from the system tray at shutdown
"Place replies in the folder of the message being replied to" did not work when using "Reply to List"
Thunderbird did not honor the "Run search on server" option when searching messages
Highlight color for folders with unread messages wasn't visible in dark theme
OpenPGP: Key were missing from Key Manager
OpenPGP: Option to import keys from clipboard always disabled
The "Link" button on the large attachments info bar failed to open up Filelink section in Options if the user had not yet configured Filelink
Address book: Printing members of a mailing list resulted in incorrect output
Unable to connect to LDAP servers configured with a self-signed SSL certificate
Autoconfig via LDAP did not work as expected
Calendar: Pressing Ctrl-Enter in the new event dialog would create duplicate events
Various security fixes
Security fixes:
#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes
|
|
|
|
|
|
When using slang, do not use ncurses synbols
|
|
This release fixes several bugs, including a possible crash bug. It also
addresses some long-standing bugs with exact-address handling.
|
|
|
|
For the Python 3.8 default switch.
|
|
|
|
|
|
Change log:
1.3.0
======
- GTK 3 Port
- Remove Libgcrypt dependency
- Move "watching" column to the left to avoid overlapping with scrollbar
- Add support for XfceTitledDialog new API
- Fix cast to pointer
- Replace deprecated GTimeVal
- Update URLs from goodies.x.o to docs.x.o (Bug #16167)
- Added support for multi-row/column panels in xfce4-panel > 4.9
- Fix running command on each change of the count
- Fix running an empty command
- Do not run command when new message count is 0
- Add SSL support CFLAGS and LDFLAGS conditionally
- Translation Updates:
Albanian, Arabic, Asturian, Basque, Belarusian, Bulgarian, Catalan,
Chinese (China), Chinese (Taiwan), Croatian, Czech, Danish, Dutch,
English (Australia), English (United Kingdom), Finnish, French,
Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian,
Interlingue, Italian, Japanese, Korean, Latvian, Lithuanian, Malay,
Norwegian Bokmål, Occitan (post 1500), Polish, Portuguese,
Portuguese (Brazil), Russian, Serbian, Slovak, Slovenian, Spanish,
Swedish, Thai, Turkish, Ukrainian, Urdu, Urdu (Pakistan), Uyghur,
Vietnamese
|
|
|
|
|
|
IMAPFilter 2.7.4 - 18 Nov 2020
- Bug fix; incorrect argument to regular expression compile function.
IMAPFilter 2.7.3 - 14 Nov 2020
- Bug fix; incorrect free of compiled pattern.
- Unexpected network errors and IMAP BYE are now logged.
IMAPFilter 2.7.2 - 10 Nov 2020
- Makefile is back to being Lua version agnostic.
IMAPFilter 2.7.1 - 9 Nov 2020
- Makefile now builds with Lua 5.4 and PCRE2.
IMAPFilter 2.7 - 8 Nov 2020
- Lua 5.4 compatibility (the codebase can still be compiled with versions
5.3, 5.2 and 5.1).
- PCRE2 compatibility (version 10.00 and later)
- New error code is returned if certificate verify fails.
- Bug fix; add missing truststore option from brief usage message.
IMAPFilter 2.6.16 - 23 Nov 2019
- Bug fix; escape the double-quote character in passwords.
IMAPFilter 2.6.15 - 14 Nov 2019
- Bug fix; try to setup both a CA file and path for SSL validations.
IMAPFilter 2.6.14 - 1 Nov 2019
- Bug fix; OpenSSL version mess up for SSL hostname validation.
IMAPFilter 2.6.13 - 17 Sep 2019
- Support for SSL hostname validation.
IMAPFilter 2.6.12 - 3 Oct 2018
- Support for Server Name Indication (SNI).
- The searching methods return values are described in the config man page.
- Example of using the enter_idle() function in the sample extend file.
IMAPFilter 2.6.11 - 19 Nov 2017
- Support for interrupting IDLE mode with SIGUSR1/SIGUSR2.
- New "persist" option to try to recover a connection indefinitely.
- New "range" option to limit messages included in a range.
- Bug fix; always close selected mailbox before check_status().
- Bug fix; closing of selected mailbox twice with fetch_message().
|
|
* 3.17.8
--------
* Shielded template's |program{} and |attach_program{} so that the
command-line that is executed does not allow sequencing such as
with && || ;, preventing possible execution of nasty, or at least
unexpected, commands
* fixed bug 4376, 'Litehtml breaks locale'
* updated English, French, and Spanish manuals
* 3.17.7
--------
* Image Viewer: Image attachments, when displayed, are now resized
to fit the available width rather than the available height.
* -d is now an alias to --debug.
* Libravatar plugin: New styles supported: Robohash and Pagan.
* SpamAssassin plugin: The 'Maximum size' option now matches
SpamAssassin's maximum; it can now handle messages up to 256MB.
* LiteHTML viewer plugin: The UI is now translatable.
* The manual has been updated.
* The man page has been updated.
* Updated translations: French, Spanish.
* bug fixes:
o bug 4313, 'Recursion stack overflow with rebuilding folder
tree'
o bug 4372, '[pl_PL] Crash after "Send later" without
recipient and then "Close"'
o bug 4373, 'attach mailto URI double free'
o bug 4374, 'insert mailto URI misses checks'
o bug 4384, 'U+00AD (soft hyphen) changed to space in
Subject'
o bug 4386, 'Allow Sieve config without userid without
warning'
o Add missing SSL settings when cloning accounts.
o Parsing of command-line arguments.
o PGP Core plugin: fix segv in address completion with a
keyring.
o Libravatar plugin: fixes to image display.
* 3.17.6
--------
* It is now possible to 'Inherit Folder properties and processing
rules from parent folder' when creating new folders with the
move message and copy message dialogues.
* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
* The progress window when importing an mbox file is now more
responsive.
* A warning dialogue is shown if the selected privacy system is
'None' and automatic signing amd/or encrypting is enabled.
* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on
newer systems which have both python2 and python3.
* Add translation: Greek.
* Updated translation: Polish.
* bug fixes:
o bug 3922, 'minimize to tray on startup not working'
o bug 4220, 'generates files in cache without content'
o bug 4325, 'Following redirects when retrieving image'
o bug 4342, 'Import mbox file command doesn't work twice on a
row'
o fix STARTTLS protocol violation
o fix initial debug line
o fix fat-fingered crash when v (hiding msgview) is pressed
just before c (check signature)
o fix non-translation of some Templates strings
|
|
1.2.2
Added
Apache License version 2.0
Support for SMTP AUTH, with AUTH hooks feature
Built-in implementation for AUTH PLAIN and AUTH LOGIN logic
Feature to inject keyword args during server class instantiation in Controller.factory
Support for Python 3.8 and 3.9.0
Fixed/Improved
Don’t strip last \r\n prior to terminating dot.
Slight improvement to make Test Suite more maintainable
No more failures/DeprecationWarnings for Python 3.8
Faster _handle_client() processing
Faster method access for smtp_*, handle_*, and auth_* hooks
Removed
Unit Tests that mocked too deep, possibly masking observable internal behaviors
Drop support for Python 3.5
|
|
|
|
Alpine 2.23
* Implementation of XOAUTH2 authentication support for Outlook. Based on
documentation suggested by Andrew C Aitchison.
* Add support for the OAUTHBEARER authentication method in Gmail. Thanks to
Alexander Perlis for suggesting it and explaining how the method works.
* Creation of Alpine's Privacy Policy. This is presented as a link to an
online document from the Release Notes (Link at the top of this document.)
Upon user request, Alpine downloads and displays this document. Links to
the privacy policy are also displayed when a user starts Alpine for the
first time, or when a user starts a new version of Alpine. There is no
default exit greeting command for these screens, and to exit the user must
press "E", instead of the old default, which was the RETURN command. The
RETURN command will open the handle on which the cursor is on, which by
default is the Privacy Policy.
* Support for the SASL-IR IMAP extension that avoids a round trip during
authentication. Similar support added for the SMTP, NNTP and POP3
protocols. Thanks to Geoffrey Bodwin for a report that lead to this
implementation.
* Alpine can pass an HTML message to an external web browser, by using the
"External" command in the ATTACHMENT INDEX screen.
* New configuration variable external-command-loads-inline-images-oly that
controls if Alpine will keep the source link to all the images in the HTML
message, or will only pass a link to inline images included in the message.
For your privacy and security this feature is enabled by default.
* When reading an email and a user selects an email address to which to
compose a message from the message, the user will be able to select a role
to compose that message.
* New variable system-certs-path that allows users to indicate the location
of the directory where certificates are located. In PC-Alpine this must be
C:\libressl\ssl\certs. The C: drive can be replaced by the name of the
drive where the binary and DLL files are located.
* New variable system-certs-file that allows users to configure the location
of a container of certificate authority (CA) certificates to be used to
validate certificates of remote servers.
* Remove sleep of 5 seconds for mailcap programs that use the terminal to
display content. Suggested by Carl Edquist. In addition, remove
configurable process table command and its corresponding sleep time.
Bugs that have been addressed include:
* Security Bug: Alpine can be configured to start a secure connection using
/tls on an insecure connection. However, if the connection is PREAUTH,
Alpine will not upgrade the connection to a secure connection, because a
client must not issue a STARTTLS to a server that supports it in
authenticated state. This makes Alpine continue to use an insecure
connection with the server, exposing user data. Reported by Damian
Poddebniak and Fabian Ising from Muenster University of Applied Sciences.
* Selecting by subject might not copy the subject of the current message to
the selection text correctly. Reported by Iosif Fettich.
* Alpine does not set the return path correctly when using a role while
bouncing a message. Reported by Dr. C. Griewatsch.
* Bug in PC-Alpine that made Alpine go into an infinite loop and consume CPU
when it was iconized. Reported by Holger Schieferdecker in comp.mail.pine.
* Crash in Alpine when attempting to reply to a multipart/alternative message
that is malformed, and the option to include attachments in reply is
enabled. Reported and patched by Peter Tirsek.
* Bug that makes Alpine split encoded words in the subject of a message in
the middle of a utf-8 character into two encoded words, breaking the
encoding. Reported by Jean Chevalier.
* Alpine would not redraw the screen when a check for new mail in an incoming
folder failed due to a failure while validating the server certificate,
and the user did not allow the connection to proceed.
* Crash in Alpine while resizing the screen when using any of the tokens
SUBJKEYTEXT, SUBJECTTEXT, or SUBJKEYINITTEXT in the index format, and the
screen was resized. Reported by Iggy Mogo.
* When Alpine is trying to authenticate to Gmail, using the XOAUTH2 method,
it does not display the url the user needs to open, in order to authorize
Alpine to access Gmail using XOAUTH2 when Alpine still has not created a
screen. Reported by Baron Fujimoto.
* When an html anchor does not quote the link in the href parameter, alpine
does not link to it.
* Attempt to fix a bug that breaks scrolling of a message in Alpine when the
screen is resized. Reported in the Debian bug system at
https://bugs.debian.org/cgi-bin/bugreport.cgie?bug=956361.
Alpine 2.24
* Implementation of XOAUTH2 for Yahoo! Mail.
* Expansion of the configuration screen for XOAUTH2 to include username,
authorization flow, and tenant.
* XOAUTH2: automatic renew of access token and connection to a server within
60 seconds of expiration of the access token.
* If a user has more than one client-id for a service, Alpine asks the user
which client-id to use and associates that client-id to the credentials in
the XOAUTH2 configuration screen.
* Addition of Yandex.com to the list of services that Alpine can use XOAUTH2
to authenticate for reading and sending email.
* Addition of a link to the Apache License 2.0 (see above). This is available
from the Release Notes as well as the welcome screen.
* Modifications to protect the privacy of users:
+ Alpine does not generate Sender or X-X-Sender by default by enabling
[X] Disable Sender as the default.
+ Alpine does not disclose User Agent by default by enabling [X] Suppress
User Agent by default.
+ Alpine uses the domain in the From: header of a message to generate a
message-id and suppresses all information about Alpine, version,
revision, and time of generation of the message-id from this header.
This information is replaced by a random string.
* Unix Alpine displays configure options and flags when invoked as "alpine
-v". Suggested by Matt Ackeret.
* Alpine will ding the terminal bell when asking about quitting when new mail
arrives. This is consistent with Alpine dinging the bell when new mail
arrives. The bell will not ding if it is disabled for status messages.
Suggested by Chime Hart.
* When messages are selected, pressing the ";" command to broaden or narrow a
search, now offers the possibility to completely replace the search, and is
almost equivalent to being a shortcut to "unselect all messages, and select
again". The difference is that cancelling this command will not unselect
all currently selected messages. Suggested by Holger Trapp.
* Alpine will not write debug files unless started with the option -d, so for
example "alpine -d 2" will generate a debug file at level 2, but just
issuing the alpine command will not write any debug to a file.
* Experimental: Attempt to implement the Encryption Range in Windows. It
works in Windows 10, and it should work in Windows 8.1. It needs testing in
Windows 7 and Windows Vista.
* Addition of variables user-certs-path and user-certs-file which allow a
user to specify locations for certificates that the user trusts.
* Ignore non-empty initial challenge in the GSSAPI authenticator. Based on a
patch written by Jarek Polok, but submitted by Ignacio Reguero.
* When a server expires a refresh token, Alpine needs to cancel it
internally. Alpine will attempt to get a new one when it reopens the folder
after it cancels it.
* Set up the IMAP ID at the moment of logging in to the server, rather than
as a one time option, in case we need to use a special IMAP ID.
Bugs that have been addressed include:
* When Alpine starts a PREAUTH connection, it might still ask the user to
login. Reported by Frank Tobin.
* Crash while resizing the screen when viewing a calendar event.
* When Alpine opens a folder in a server whose address is given numerically
it might crash due to an incorrect freeing of memory. Reported by Wang
Kang.
* Crash when Alpine frees memory on a system where LC_CTYPE is not
configured, and the user calls the file browser to attach files to a
message. Reported by Luis Gerardo Tejero.
* Invalid signatures created by Alpine, when built with recent releases of
the Openssl-1.1.1 series (but not in the Openssl-1.0.1 series). Fix
contributed by Bernd Edlinger.
* After returning from the directory side of a dual-folder, sometimes Alpine
would return to the first folder in the parent directory or to the
dual-folder. The fix is to return to the original dual-folder as intended.
Reported by Holger Trapp.
* When an attachment is deleted and the original message is saved, Alpine
might write only a part of the name of the file deleted. Reported by Holger
Trapp.
* URLs that are surrounded by white space are not cleaned by Alpine before
passing them to the browser, resulting in no display of the URL when Alpine
tries to open it. Reported by Gregory Heytings.
* When Alpine is built without smime, password file functionality might fail.
Reported by Andres Fehr.
* Crash in PC-Alpine when using the eXternal command.
* Fix in Macs that made Alpine abort a ssh connection to an imap server.
Reported and assisted by Wang Kang.
|
|
Fixed in Postfix version 3.5.8:
[Postfix 3.5 and later] The Postfix SMTP client inserted <CR><LF> into message headers with lines longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. Reported by Andreas Weigel.
Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20:
[Postfix 2.8 and later] The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: lookup table is used, but it could result in stale data with other lookup tables.
[Postfix 2.3 and later] After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. Reported by Mehmet Avcioglu.
[Postfix 2.3 and later] Memory leak: the static: maps did not free their casefolding buffer.
[Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. Reported by Aki Tuomi.
[Postfix 2.0 and later] The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'.
[Postfix alpha and later] The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048).
|
|
|
|
This is an important bug fix release, addressing CVE-2020-28896. Mutt had
incorrect error handling when initially connecting to an IMAP server, which
could result in an attempt to authenticate without enabling TLS.
|
|
2020-11-20 Richard Russon <rich@flatcap.org>
* Security
- imap: close connection on all failures
* Features
- alias: add <limit> function to Alias/Query dialogs
- config: add validators for {imap,smtp,pop}_authenticators
- config: warn when signature file is missing or not readable
- smtp: support for native SMTP LOGIN auth mech
- notmuch: show originating folder in index
* Bug Fixes
- sidebar: prevent the divider colour bleeding out
- sidebar: fix <sidebar-{next,prev}-new>
- notmuch: fix <entire-thread> query for current email
- restore shutdown-hook functionality
- crash in reply-to
- user-after-free in folder-hook
- fix some leaks
- fix application of limits to modified mailboxes
- write Date header when postponing
* Translations
- 100% Lithuanian
- 100% Czech
- 70% Turkish
* Docs
- Document that $sort_alias affects the query menu
* Build
- improve ASAN flags
- add SASL and S/MIME to --everything
- fix contrib (un)install
* Code
- my_hdr compose screen notifications
- add contracts to the MXAPI
- maildir refactoring
- further reduce the use of global variables
* Upstream
- Add $count_alternatives to count attachments inside alternatives
|
|
* Sync with mail/thunderbird-78.5.0.
|
|
* Fix build with lang/rust-1.47.0.
Changelog:
78.5.0
What's New
OpenPGP: Added option to disable attaching the public key to a signed message
MailExtensions: "compose_attachments" context added to Menus API
MailExtensions: Menus API now available on displayed messages
Changes
MailExtensions: browser.tabs.create will now wait for "mail-delayed-startup-finished" event
Fixes
OpenPGP: Support for inline PGP messages improved
OpenPGP: Message security dialog showed unverified keys as unavailable
Chat: New chat contact menu item did not function
Various theme and usability improvements
Various security fixes
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5
78.4.3
Fixes
User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme
Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme
78.4.2
Fixes
Security fix
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
78.4.1
What's New
Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses
Fixes
Searching global search results did not work
Link location was not focused by default when adding a hyperlink in message composer
Advanced address book search dialog was unusable
Encrypted draft reply emails lost "Re:" prefix
Replying to a newsgroup message did not open the compose window
Unable to delete multiple newsgroup messages
Appmenu displayed visual glitches
Visual glitches when selecting multiple messages in the message pane and using Ctrl+click
Switching between dark and light mode could lead to unreadable text on macOS
78.4.0
What's New
MailExtensions: browser.tabs.sendMessage API added
MailExtensions: messageDisplayScripts API added
Changes
Yahoo and AOL mail users using password authentication will be migrated to OAuth2
MailExtensions: messageDisplay APIs extended to support multiple selected messages
MailExtensions: compose.begin functions now support creating a message with attachments
Fixes
Thunderbird could freeze when updating global search index
Multiple issues with handling of self-signed SSL certificates addressed
Recipient address fields in compose window could expand to fill all available space
Inserting emoji characters in message compose window caused unexpected behavior
Button to restore default folder icon color was not keyboard accessible
Various keyboard navigation fixes
Various color-related theme fixes
MailExtensions: Updating attachments with onBeforeSend.addListener() did not work
Various security fixes
Security fixes:
#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4
78.3.3
Fixes
OpenPGP: Improved support for encrypting with subkeys
OpenPGP message status icons were not visible in message header pane
OpenPGP Key Manager was missing from Tools menu on macOS
Creating a new calendar event did not require an event title
78.3.2
Changes
Thunderbird will no longer automatically install updates when Preferences tab is opened
Fixed
OpenPGP: Improved support for encrypting with subkeys
OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly
Single-click deletion of recipient pills with middle mouse button restored
Searching an address book list did not display results
Windows installer was unreadable with Windows in high contrast mode
Dark mode, high contrast, and Windows theming fixes
|
|
|
|
grep. Install directly to ${PREFIX}. Bump PKGREVISION.
|
