| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* pkgsrc change: Add supportfor blocklistd(3) (and blacklistd(3)).
* From release annuonce:
Fixed in Postfix 3.6.2, 3.5.12, 3.4.22, 3.3.19:
* In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
error in the compatibility_level parser, because there was no
'errno = 0' statement before an strtol() call. In Postfix
3.3-3.5, fixed two older latent bugs of this kind (introduced
in 1999 and in Postfix 2.11). Problem reported by David Bohman.
* (problem introduced in Postfix 3.3) "Null pointer read" error
in the cleanup daemon when "header_from_format = standard" (the
default as of Postfix 3.3), and email was submitted with
/usr/sbin/sendmail without From: header, and an all-space full
name was specified in 1) the password file, 2) with "sendmail
-F", or 3) with the NAME environment variable. Found by Renaud
Metrich.
* (problem introduced in Postfix 2.4) False "too many reverse
jump" warnings in the showq daemon, because loop detection code
was comparing memory addresses instead of queue file names.
Reported by Mehmet Avcioglu.
* (problem introduced in 1999) The Postfix SMTP server was sending
all session transcripts to the error_notice_recipient (default:
postmaster), instead of sending transcripts of bounced mail to
the bounce_notice_recipient (default: postmaster). Reported by
Hans van Zijst.
Fixed in Postfix 3.6.2, 3.5.12, 3.4.22:
* The texthash: map implementation broke tls_server_sni_maps,
because it did not support multi-file inputs. Reported by
Christopher Gurnee, who also found an instance of the missing
code in the "postmap -F" source code. File: util/dict_thash.c.
|
|
|
|
* Sync with mail/thunderbird-78.12.0.
|
|
Changelog:
Fixes:
Sending an email containing HTML links with spaces in the URL sometimes
resulted in broken links
Folder Pane display theme fixes for macOS
Chat account settings did not always save as expected
RSS feed subscriptions sometimes lost
Calendar: A parsing error for alarm triggers of type "DURATION" caused sync
problems for some users
Various security fixes
Security fixes:
#CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could
be processed
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12
|
|
* Sync with mail/thunderbird-78.11.0.
|
|
Changelog:
Fixes
OpenPGP could not be disabled for an account if a key was previously configured
Recipients were unable to decrypt some messages when the sender had changed the
message encryption from OpenPGP to S/MIME
Contacts moved between CardDAV address books were not synced to the new server
CardDAV compatibility fixes for Google Contacts
Folder pane had no clear indication of focus on macOS
Windows theme improvements
Various security fixes
Security fixes:
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11
|
|
|
|
|
|
This is the first release using gtk3.
|
|
|
|
|
|
This is a bug fix release, fixing some redraw issues as well as a List Menu
bug for mbox-style mailboxes.
|
|
The update fixes CVE-2020-35573 and CVE-2021-35525
|
|
Upstream changes:
version 1.00: Wed 14 Oct 19:14:36 CEST 2020
Fixes:
- fix metadata [Mohammad S Anwar]
- when the username of an address contains " [Andy Beverley]
|
|
Upstream changes:
version 2.21: Fri 28 May 12:01:00 CEST 2021
Changes:
- application/octet-stream is better for .dat [issue #11, Даша Федорова]
- add video/webm which Google forgot to register [issue #12, Brent Laabs]
- add image/webp which Google registered too late [issue #12, Brent Laabs]
version 2.20: Thu 22 Apr 12:48:35 CEST 2021
Fixes:
- problems with PAUSE cause the previous release to show-up in
the wrong location. Let's hope this release solves it.
Changes:
- heif/heic/heifs/heics/hif fix [issue #9, Даша Федорова]
- no 'and' and 'or' extensions [issue #9, Даша Федорова]
- application/octet-stream is better for .bin [issue #10, Даша Федорова]
version 2.19: Fri 16 Apr 11:47:10 CEST 2021
Improvements:
- update with the newest data from IANA and Apache httpd
Changes:
- mp4 preference is video/mp4 [issue #5, Даша Федорова]
- yt preference is video/vnd.youtube.yt [issue #6, Даша Федорова]
- 3gp and 3gpp preference is video/3gpp [issue #7, Даша Федорова]
version 2.18: Wed 9 Dec 10:29:46 CET 2020
Improvements:
- update with newest data
Changes:
- Mojo 6.0 changed types() into mapping() [Dmitry Latin]
- Mojo 7.94 adds experimental file_type()
- Mojo 7.94 adds experimental content_type()
|
|
Upstream changes:
Version 3.033
No changes since previous version, just made non-trial.
Version 3.032
Fix an error in printing to Net::SMTP (thanks, Peter Heirich)
Add "use warnings" and require v5.6
|
|
Upstream changes:
version 3.010: Wed 14 Oct 19:22:36 CEST 2020
Fixes:
- username of address as quoted-string. [Andy Beverley]
|
|
Upstream changes:
version 3.43: Tue Feb 16 16:53:26 UTC 2021
- admin: update copyright, move from rt.cpan.org (retired) to github
- rt.cpan.org#132720: compress: Readmethod: avoid false-positive EOF
[Eric Wong]
- rt.cpan.org#129920: Parsing headers fails under special condition
[Jens Berthold]
- rt.cpan.org#132654: avoid cyclic reference on ->compress
[Eric Wong]
- rt.cpan.org#132380: append_string can fail to match APPENDUID in response
[Radomír Polách]
- rt.cpan.org#133496: allow for undocumented BODYSTRUCTURE extensions
[Rhesa Rozendaal]
|
|
Update HOMEPAGE
Upstream changes:
1.543 2021-01-30
No changes, except a test that contains a sample of a virus is now only
stored in the git repo, not in the shipped distribution.
|
|
Upstream changes:
2.500 2021-07-04 13:26:47-04:00 America/New_York
- version bumped to account for change in fractional part precision
1.500 2021-06-20 20:30:24-04:00 America/New_York
- adjust version number for bookkeeping reasons
1.300036 2021-06-17 09:51:12-04:00 America/New_York
- add "maybestarttls" option, to allow opportunistic STARTTLS
(thanks, Marc Bradshaw!)
1.300035 2020-10-10 12:34:29-04:00 America/New_York
- drop some needless version checking from the days when we worked with
broken Net::SMTPs (thanks, Bernhard Graf and Aristotle Pagaltzis and
Pali Rohár)
- documentation tweaks and spelling corrections (thanks, James E
Keenan, Stefan Hornburg, M Somerville, and jazzkutya)
|
|
Upstream changes:
1.026 2021-01-10 15:31:45-05:00 America/New_York
- don't use more memory than necessary to store parts of an encoded
parameter (thanks, Pali)
|
|
Upstream changes:
3.009 2021-06-20 16:54:40-04:00 America/New_York
- MIME::Entity 5.508 is required for operation
- update author information
- add a perl support section to docs
|
|
No change except version.
|
|
No change except version.
|
|
8.16.1/8.16.1 2020/07/05
SECURITY: If sendmail tried to reuse an SMTP session which had
already been closed by the server, then the connection
cache could have invalid information about the session.
One possible consequence was that STARTTLS was not
used even if offered. This problem has been fixed
by clearing out all relevant status information
when a closed session is encountered.
OpenSSL versions before 0.9.8 are no longer supported.
OpenSSL version 1.1.0 and 1.1.1 are supported.
Initial support for DANE (see RFC 7672 et.al.) is available if
the compile time option DANE is set. Only TLSA RR 3-1-x
is currently implemented.
New options SSLEngine and SSLEnginePath to support OpenSSL engines.
Note: this feature has so far only been tested with the
"chil" engine; please report problems with other engines
if you encounter any.
New option CRLPath to specify a directory which contains
hashes pointing to certificate revocations files.
Based on patch from Al Smith.
New rulesets tls_srv_features and tls_clt_features which
can return a (semicolon separated) list of TLS related
options, e.g., CipherList, CertFile, KeyFile,
see doc/op/op.me for details.
To automatically handle TLS interoperability problems for outgoing
mail, sendmail can now immediately try a connection again
without STARTTLS after a TLS handshake failure.
This can be configured globally via the option
TLSFallbacktoClear or per session via the 'C' flag
of tls_clt_features.
This also adds the new value "CLEAR" for the macro
{verify}: STARTTLS has been disabled internally for
a clear text delivery attempt.
Apply Timeout.starttls also to the server waiting for the TLS
handshake to begin. Based on patch from Simon Hradecky.
New compile time option TLS_EC to enable the use of elliptic
curve cryptography in STARTTLS (previously available as
_FFR_TLS_EC).
Handle MIME boundaries specified in headers which contain CRLF.
Fix detection of loopback net (it was broken when compiled
with NETINET6) and only set the macros {if_addr_out}
and {if_family_out} if the interface of the outgoing
connection does not belong to the loopback net.
Fix logic to enable a milter to delete a recipient in
DeliveryMode=interactive even if it might be subject
to alias expansion.
Log name of a milter making changes (this was missing for
some functions).
Log the actual reply of a server when an SMTP delivery problem
occurs in a "reply=" field if possible.
Log user= for failed AUTH attempts if possible. Based on
patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
and Joe Quinn.
Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
no changes can be made after it is created, hence it
does not work with vacation(1) nor editmap(8) (except
for query mode).
Fix some memory leaks (mostly in error cases) and properly handle
copied varargs in sm_io_vfprintf(). The issues were found
using Coverity Scan and reported (including patches) by
Ondřej Lysoněk of Red Hat.
Do not override ServerSSLOptions and ClientSSLOptions when they
are specified on the command line. Based on patch from
Hiroki Sato.
Add RFC7505 Null MX support for domains that declare they do not
accept mail.
New compile time option LDAP_NETWORK_TIMEOUT which is set
automatically when LDAPMAP is used and
LDAP_OPT_NETWORK_TIMEOUT is available to enable the
new -c option for LDAP maps to specify the network timeout.
CONFIG: New FEATURE(`tls_session_features') to enable standard
rules for tls_srv_features and tls_clt_features; for
details see cf/README.
CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
for SSLEngine and SSLEnginePath, respectively.
CONFIG: New options confDANE to enable DANE support.
CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
CONFIG: New extension CITag: for TLS restrictions, see cf/README
for details.
CONFIG: FEATURE(`blacklist_recipients') renamed to
FEATURE(`blocklist_recipients').
CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
canonicalize IPv6 addresses; if cidrexpand is used with IPv6
addresses then UseCompressedIPv6Addresses must be disabled.
DOC: The dns map can return multiple values in a single result
if the -z option is used.
DOC: Note to set MustQuoteChars=. due to DKIM signatures.
LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
of Alcatel-Lucent.
LIBMILTER: Fix reference in xxfi_negotiate documentation.
Patch from Sven Neuhaus.
LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
Patch from G.W. Haywood.
LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
Patch from Martin Svec.
MAKEMAP: New map type "implicit" refers to the first available type,
i.e., it depends on the compile time options NEWDB, DBM,
and CDB. This can be used in conjunction with the
"implicit" map type in sendmail.cf.
Note: makemap, libsmdb, and sendmail must be compiled
with the same options (and library versions of course).
Portability:
Add support for Darwin 14-18 (Mac OS X 10.x).
New option HAS_GETHOSTBYNAME2: set if your system
supports gethostbyname2(2).
Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
changes in sys/sem.h
On Linux set MAXHOSTNAMELEN (the maximum length
of a FQHN) to 256 if it is less than that value.
Added Files:
cf/feature/blocklist_recipients.m4
cf/feature/tls_failures.m4
devtools/OS/Darwin.14.x
devtools/OS/Darwin.15.x
devtools/OS/Darwin.16.x
libsmdb/smcdb.c
sendmail/ratectrl.h
|
|
Ruby on Rails 6.0.4 (2021-06-15), including security fixes.
Active Support
* Fixed issue in ActiveSupport::Cache::RedisCacheStore not passing
options to read_multi causing fetch_multi to not work properly.
(Rajesh Sharma)
* with_options copies its options hash again to avoid leaking mutations.
Fixes #39343. (Eugene Kenny)
Active Record
* Only warn about negative enums if a positive form that would cause
conflicts exists. Fixes #39065. (Alex Ghiculescu)
* Allow the inverse of a has_one association that was previously
autosaved to be loaded. Fixes #34255. (Steven Weber)
* Reset statement cache for association if table_name is changed.
Fixes #36453. (Ryuta Kamizono)
* Type cast extra select for eager loading. (Ryuta Kamizono)
* Prevent collection associations from being autosaved multiple times.
Fixes #39173. (Eugene Kenny)
* Resolve issue with insert_all unique_by option when used with
expression index.
When the :unique_by option of ActiveRecord::Persistence.insert_all
and ActiveRecord::Persistence.upsert_all was used with the name of
an expression index, an error was raised. Adding a guard around the
formatting behavior for the :unique_by corrects this.
Usage:
create_table :books, id: :integer, force: true do |t|
t.column :name, :string
t.index "lower(name)", unique: true
end
Book.insert_all [{ name: "MyTest" }], unique_by: :index_books_on_lower_name
Fixes #39516. (Austen Madden)
* Fix preloading for polymorphic association with custom scope.
(Ryuta Kamizono)
* Allow relations with different SQL comments in the or method.
(Takumi Shotoku)
* Resolve conflict between counter cache and optimistic locking.
Bump an Active Record instance's lock version after updating its
counter cache. This avoids raising an unnecessary
ActiveRecord::StaleObjectError upon subsequent transactions by
maintaining parity with the corresponding database record's
lock_version column. Fixes #16449. (Aaron Lipman)
* Fix through association with source/through scope which has joins.
(Ryuta Kamizono)
* Fix through association to respect source scope for includes/preload.
(Ryuta Kamizono)
* Fix eager load with Arel joins to maintain the original joins order.
(Ryuta Kamizono)
* Fix group by count with eager loading + order + limit/offset.
(Ryuta Kamizono)
* Fix left joins order when merging multiple left joins from different
associations. (Ryuta Kamizono)
* Fix index creation to preserve index comment in bulk change table on
MySQL. (Ryuta Kamizono)
* Change remove_foreign_key to not check :validate option if database
doesn't support the feature. (Ryuta Kamizono)
* Fix the result of aggregations to maintain duplicated "group by"
fields. (Ryuta Kamizono)
* Do not return duplicated records when using preload. (Bogdan Gusiev)
Action View
* SanitizeHelper.sanitized_allowed_attributes and
SanitizeHelper.sanitized_allowed_tags call safe_list_sanitizer's
class method. Fixes #39586. (Taufiq Muhammadi)
Action Pack
* Accept base64_urlsafe CSRF tokens to make forward compatible.
* Base64 strict-encoded CSRF tokens are not inherently websafe, which
makes them difficult to deal with. For example, the common practice
of sending the CSRF token to a browser in a client-readable cookie
does not work properly out of the box: the value has to be
url-encoded and decoded to survive transport.
In Rails 6.1, we generate Base64 urlsafe-encoded CSRF tokens, which
are inherently safe to transport. Validation accepts both urlsafe
tokens, and strict-encoded tokens for backwards compatibility.
In Rails 5.2.5, the CSRF token format is accidentally changed to
urlsafe-encoded. If you upgrade apps from 5.2.5, set the config
urlsafe_csrf_tokens = true.
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
(Scott Blum, Étienne Barrié)
* Signed and encrypted cookies can now store false as their value when
action_dispatch.use_cookies_with_metadata is enabled. (Rolandas
Barysas)
Active Storage
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print
margins. This matches the behavior of the MuPDF previewer. (Vincent
Robert)
Railties
* Allow relative paths with trailing slashes to be passed to rails
test. (Eugene Kenny)
* Return a 405 Method Not Allowed response when a request uses an
unknown HTTP method. Fixes #38998. (Loren Norman)
|
|
Ruby on Rails 5.2.6 (2021-05-05)
There are changes in www/ruby-actionpack52 only, including security fix.
Action Pack
* Accept base64_urlsafe CSRF tokens to make forward compatible.
Base64 strict-encoded CSRF tokens are not inherently websafe, which
makes them difficult to deal with. For example, the common practice
of sending the CSRF token to a browser in a client-readable cookie
does not work properly out of the box: the value has to be
url-encoded and decoded to survive transport.
In this version, we generate Base64 urlsafe-encoded CSRF tokens,
which are inherently safe to transport. Validation accepts both
urlsafe tokens, and strict-encoded tokens for backwards
compatibility.
How the tokes are encoded is controllr by the
action_controller.urlsafe_csrf_tokens config.
In Rails 5.2.5, the CSRF token format was accidentally changed to
urlsafe-encoded.
Atention: If you already upgraded your application to 5.2.5, set the
config urlsafe_csrf_tokens to true, otherwise your form submission
will start to fail during the deploy of this new version.
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
If you are upgrading from 5.2.4.x, you don't need to change this
configuration.
Scott Blum, Étienne Barrié
|
|
Changelog:
What's new in notmuch 0.32.2
=========================
General
-------
Fix a bug from 2017 that can add duplicate thread-id terms to message
documents.
CLI
---
Fix small memory leak in notmuch new.
Emacs
-----
Add `(require 'seq)` for `seq-some`.
Documentation
-------------
Fix man page build for Sphinx 4.x. Fix variable name in emacs docs.
Tests
-----
Fix backup creation in `perf-test/T00-new`. Check openssl
prerequisite in `add_gpgsm_home`.
|
|
ideas from nia.
|
|
|
|
|
|
|
|
Security release.
v0.5.15 2021-06-21 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2020-28200: Sieve interpreter is not protected against abusive
scripts that claim excessive resource usage. Fixed by limiting the
user CPU time per single script execution and cumulatively over
several script runs within a configurable timeout period. Sufficiently
large CPU time usage is summed in the Sieve script binary and execution
is blocked when the sum exceeds the limit within that time. The block
is lifted when the script is updated after the resource usage times out.
* Disconnection log messages are now more standardized across services.
They also always now start with "Disconnected" prefix.
- managesieve: Commands pipelined together with and just after the
authenticate command cause these commands to be executed twice.
|
|
Security release.
v2.3.15 2021-06-21 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access.
* CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.
* Disconnection log messages are now more standardized across services.
They also always now start with "Disconnected" prefix.
* Dovecot now depends on libsystemd for systemd integration.
* Removed support for Lua 5.2. Use version 5.1 or 5.3 instead.
* config: Some settings are now marked as "hidden". It's discouraged to
change these settings. They will no longer be visible in doveconf
output, except if they have been changed or if doveconf -s parameter
is used. See https://doc.dovecot.org/settings/advanced/ for details.
* imap-compress: Compression level is now algorithm specific.
See https://doc.dovecot.org/settings/plugin/compress-plugin/
* indexer-worker: Convert "Indexed" info logs to an event named
"indexer_worker_indexing_finished". See
https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished
+ Add TSLv1.3 support to min_protocols.
+ Allow configuring ssl_cipher_suites. (for TLSv1.3+)
+ acl: Add acl_ignore_namespace setting which allows to entirely ignore
ACLs for the listed namespaces.
+ imap: Support official RFC8970 preview/snippet syntax. Old methods of
retrieving preview information via IMAP commands ("SNIPPET and PREVIEW
with explicit algorithm selection") have been deprecated.
+ imapc: Support INDEXPVT for imapc storage to enable private
message flags for cluster wide shared mailboxes.
+ lib-storage: Add new events: mail_opened, mail_expunge_requested,
mail_expunged, mail_cache_lookup_finished. See
https://doc.dovecot.org/admin_manual/list_of_events/#mail
+ zlib, imap-compression, fs-compress: Support compression levels that
the algorithm supports. Before, we would allow hardcoded value between
1 to 9 and would default to 6. Now we allow using per-algorithm value
range and default to whatever default the algorithm specifies.
- *-login: Commands pipelined together with and just after the authenticate
command cause these commands to be executed twice. This applies to all
protocols that involve user login, which currently comprises of imap,
pop3, submisision and managesieve.
- *-login: Processes are supposed to disconnect the oldest non-logged in
connection when process_limit was reached. This didn't actually happen
with the default "high-security mode" (with service_count=1) where each
connection is handled by a separate process.
- *-login: When login process reaches client/process limits, oldest
client connections are disconnected. If one of these was still doing
anvil lookup, this caused a crash. This could happen only if the login
process limits were very low or if the server was overloaded.
- Fixed building with link time optimizations (-flto).
- auth: Userdb iteration with passwd driver does not always return all
users with some nss drivers.
- dsync: Shared INBOX not synced when "mail_shared_explicit_inbox" was
disabled. If a user has a shared mailbox which is another user's INBOX,
dsync didn't include the mailbox in syncing unless explicit naming is
enabled with "mail_shared_explicit_inbox" set to "yes".
- dsync: Shared namespaces were not synced with "-n" flag.
- dsync: Syncing shared INBOX failed if mail_attribute_dict was not set.
If a user has a shared mailbox that is another user's INBOX, dsync
failed to export the mailbox if mail attributes are disabled.
- fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP
requests to assert-crash: Panic: file http-client-request.c: line 1232
(http_client_request_send_more): assertion failed: (req->payload_input != NULL)
- fts-tika: 5xx errors returned by Tika server as indexing failures.
However, Tika can return 5xx for some attachments every time.
So the 5xx error should be retried once, but treated as success if it
happens on the retry as well. v2.3 regression.
- fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have
resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts):
assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- imap: SETMETADATA could not be used to unset metadata values.
Instead NIL was handled as a "NIL" string. v2.3.14 regression.
- imap: IMAP BINARY FETCH crashes at least on empty base64 body:
Panic: file index-mail-binary.c: line 358 (blocks_count_lines):
assertion failed: (block_count == 0 || block_idx+1 == block_count)
- imap: If IMAP client using the NOTIFY command was disconnected while
sending FETCH notifications to the client, imap could crash with
Panic: Trying to close mailbox INBOX with open transactions.
- imap: Using IMAP COMPRESS extension can cause IMAP connection to hang
when IMAP commands are >8 kB long.
- imapc: If remote server sent BYE but didn't immediately disconnect, it
could cause infinite busy-loop.
- lib-index: Corrupted cache record size in dovecot.index.cache file
could have caused a crash (segfault) when accessing it.
- lib-oauth2: JWT token time validation now works correctly with
32-bit systems.
- lib-ssl-iostream: Checking hostnames against an SSL certificate was
case-sensitive.
- lib-storage: Corrupted mime.parts in dovecot.index.cache may have
resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body):
assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))
- lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't
preserve the "hdr-pop3-uidl" header. Because of this, the next pop3
session could have accessed all of the emails' metadata to read their
POP3 UIDL (opening dbox files).
- listescape: When using the listescape plugin and a shared namespace
the plugin didn't work properly anymore resulting in errors like:
"Invalid mailbox name: Name must not have '/' character."
- lmtp: Connection crashes if connection gets disconnected due to
multiple bad commands and the last bad command is BDAT.
- lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly
forwarded by LMTP proxy without checking that the backend has support.
This caused a command parameter error from the backend if it was
running an older Dovecot release. This could only occur in more complex
setups where the message was proxied twice; when the proxy generated
the XRCPTFORWARD parameter itself the problem did not occur, so this
only happened when it was forwarded.
- lmtp: The LMTP proxy crashes with a panic when the remote server
replies with an error while the mail is still being forwarded through
a DATA/BDAT command.
- lmtp: Username may have been missing from lmtp log line prefixes when
it was performing autoexpunging.
- master: Dovecot would incorrectly fail with haproxy 2.0.14 service
checks.
- master: Systemd service: Dovecot announces readiness for accepting
connections earlier than it should. The following environment variables
are now imported automatically and can be omitted from
import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID.
- master: service { process_min_avail } was launching processes too
slowly when master was forking a lot of processes.
- util: Make the health-check.sh example script POSIX shell compatible.
|
|
|
|
|
|
|
|
|
|
|
|
Needs more work to build on netbsd HEAD.
|
|
3.6.1 (2021-06-14)
Fixed in Postfix 3.6.1, 3.5.11, 3.4.21, 3.3.18:
* Bugfix (introduced: Postfix 2.11): the command "postmap
lmdb:/file/name" (create LMDB database from textfile) handled
duplicate input keys ungracefully, discarding entries stored
up to and including the duplicate key, and causing a double
free() call with lmdb versions 0.9.17 and later. Reported by
Adi Prasaja; double free() root cause analysis by Howard Chu.
Fixed in Postfix 3.6.1, 3.5.11, 3.4.21:
* Typo (introduced: Postfix 3.4): silent_discard should be
silent-discard in BDAT_README.
|
|
1.1.3:
Unknown changes
|
|
Changes since version 2.0.7:
! The -d option allows a negative number. If negative, debug files are
not rotated. The debug level is the absolute value.
+ <view-pager> in the attachment menu uses a copiousoutput mailcap
entry, or falls back to raw text.
+ <view-mailcap>, <view-pager>, and <view-text> functions added to the
compose menu.
+ <view-alt-pager> in the compose menu allows previewing the output
of the $send_multipart_alternative_filter the way <view-pager> does.
+ <list-action>, bound to Esc-L in the index and pager menu, brings
up a menu of operations to perform on mailing list emails, such as
subscribe/unsubscribe.
+ <skip-headers>, bound to 'H' in the pager, will skip to the first
blank line following the headers.
! ~h patterns over IMAP and POP3 will only download the headers of the
message. However with message caching enabled (via $message_cachedir)
the whole message will still be downloaded.
+ $ssl_verify_host_override allows manually specifying the host name
to verify a server certificate against.
! --enable-hcache, with no particular backend enabled, will scan in
the order: kyotocabinet, tokyocabinet, lmdb, qdbm, gdbm, bdb.
! $allow_ansi understands 256-color ANSI escape sequences.
+ $message_id_format can be used to specify a custom message-id
format. Since it's a format string, this can also use a filter.
Please use this option with care, as Mutt won't check if your
message-id is legal.
! mailboxes -nonotify will poll a mailbox for new mail, but will not
trigger new mail notifications (e.g. $beep_new or $new_mail_command).
! $reverse_name affects tagged reply/forward/compose-to-sender
actions too.
! ANSI sequences are filtered for inline-forwarded autoview content,
in addition to replies.
! $forward_decrypt is now a quadoption, defaulting 'yes' for backward
compatibility.
! Pattern functions, (e.g. search and limit) can be interrupted with
ctrl-c.
! The default mailto_allow list now includes cc, in-reply-to, and
references.
+ $sort_browser_mailboxes controls mailbox browsing, and defaults
"unsorted". $sort_browser now only controls directory browsing.
! $sort_browser and $sort_browser_mailboxes "unsorted" now means the
order added (e.g. specified in the muttrc). Switching back to
"unsorted" will now resort in that order (previously it was a no-op.)
! In the browser ".." is excluded from sorting and kept at the top.
! Temp filenames generated for mailcap invocation now allow non-ascii
characters.
+ $local_date_header, when unset, causes the date in the Date header
to be formatted using the GMT timezone.
|
|
Upstream changes:
2.20210112 2021-01-12 22:10:28+00:00 UTC
- Switch to a purely numeric version string
|
|
|
|
Since redmine require mini_mime < 1.1, update to latest 1.0.3.
1.0.3 (2021-03-26)
* Update mime types from upstream
|
|
Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.
The main changes are below. See the RELEASE_NOTES file for further
details.
Incompatible changes:
* This release requires "postfix stop" before updating, or before
backing out to an earlier release, because some internal protocols
have changed. Otherwise, long-running daemons (pickup, qmgr,
verify, tlsproxy, postscreen) may fail to communicate with the
rest of Postfix, causing mail delivery delays until Postfix is
restarted.
* Respectful logging. Postfix version 3.6 deprecates terminology
that implies white is better than black. Instead, Postfix prefers
'allowlist', 'denylist', and variations on those words. This
change affects Postfix documentation, and postscreen parameters
and logging.
To keep the old postscreen logging set "respectful_logging =
no" in main.cf before setting "compatibility_level = 3.6". In
any case, the old postscreen parameter names will keep working
as before.
Other changes:
* The minimum supported OpenSSL version is 1.1.1, which will reach
the end of life by 2023-09-11. Postfix 3.6 is expected to reach
the end of support in 2025. Until then, Postfix will be updated
as needed for compatibility with OpenSSL.
The default fingerprint digest has changed from md5 to sha256
(Postfix 3.6 with compatibility_level >= 3.6). With a lower
compatibility_level setting, Postfix defaults to using md5, and
logs a warning when a Postfix configuration specifies no explicit
digest type.
The export-grade Diffie-Hellman key exchange is no longer
supported, and the tlsproxy_tls_dh512_param_file parameter is
ignored,
* Better error messages when someone configures an incorrect
program in master.cf. To recognize such mistakes, every Postfix
internal service, including the postdrop command, announces the
name of its protocol before doing any other I/O, and every
Postfix client program, including the Postfix sendmail command,
will verify that the protocol name matches what it expects.
* Fine-grained control over the envelope sender address for
submission with the Postfix sendmail (or postdrop) commands.
Example:
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
# send mail as themselves. Use "uid:" followed by the numerical
# UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
/etc/postfix/login_senders:
# Allow both the bare username and the user@domain forms.
/(.+)/ $1 $1@example.com
* Threaded bounces. This allows mail readers to present a
non-delivery, delayed delivery, or successful delivery notification
in the same email thread as the original message.
Unfortunately, this also makes it easy for users to mistakenly
delete the whole email thread (all related messages), instead
of deleting only the delivery status notification.
To enable, specify "enable_threaded_bounces = yes".
* Postfix by default no longer uses the services(5) database to
look up the TCP ports for SMTP and LMTP services. Instead, this
information is configured with the new known_tcp_ports configuration
parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
submission=587). When a service is not specified in known_tcp_ports,
Postfix will still query the services(5) database.
* Starting with Postfix version 3.6, the compatibility level is
"3.6". In future Postfix releases, the compatibility level will
be the Postfix version that introduced the last incompatible
change. The level is formatted as 'major.minor.patch', where
'patch' is usually omitted and defaults to zero. Earlier
compatibility levels are 0, 1 and 2.
This also introduces main.cf and master.cf support for the
<=level, < level, and other operators to compare compatibility
levels. With the standard <=, <, etc. operators, compatibility
level 3.10 would be less than 3.9, which is undesirable.
|
|
change
|
|
|
