| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- [Feature] Add arguments schemas to processors and extractors
- [Feature] Add functional selectors library
- [Feature] Add generic selector to reputation module
- [Feature] Add more ratelimits: by digest, by attachments data, by
filenames
- [Feature] Add preliminary stop words detection support
- [Feature] Add pure Lua debugm function
- [Feature] Add schema validation for Redis settings
- [Feature] Add selectors combine function
- [Feature] Add some recursion protection to lua logger
- [Feature] Add support for Lua API tracing
- [Feature] Allow to apply schema to arguments
- [Feature] Allow to get dkim signing data directly from HTTP headers
- [Feature] Allow to reuse existing authentication results
- [Feature] Cache selectors results in re runtime
- [Feature] Implement new text tokenizer based on libicu
- [Feature] Integrate selectors framework to multimap
- [Feature] Relax FORGED_RECIPIENTS
- [Feature] Support (almost) all html entities
- [Feature] Support adding and deletion of recipients in the milter
block
- [Feature] Support gathering HTTP body from fragments in lua_http
- [Feature] Support multi flag in regexp and glob maps
- [Feature] Support selectors in ratelimit module
- [Feature] Support selectors in settings
- [Feature] Use khash in HTML parser
- [Feature] Use pure Lua debugm function
- [Fix] Add fail-safety for destroying sessions
- [Fix] Allow to add result-less fake DNS records
- [Fix] Another try to fix race conditions on config unload
- [Fix] Call Lua callback on DNS timeouts
- [Fix] Deprecate task:inc_dns_req as it is redundant
- [Fix] Do not allow events deletions on cleanup
- [Fix] Do not try to process skipped messages
- [Fix] Fix HTTP requests with no body
- [Fix] Fix another cleanup race condition
- [Fix] Fix bug in processing of pcre regexps
- [Fix] Fix byte array allocation in the pool
- [Fix] Fix crashes on task cleanup
- [Fix] Fix dynamic buckets in ratelimits
- [Fix] Fix endless loop when waiting for Rspamd to stop
- [Fix] Fix lua_util.str_split in case of delimiters set
- [Fix] Fix more issues with watching of async events
- [Fix] Fix stop words detection and loading logic
- [Fix] Fix various corner cases for language detection
- [Fix] Fix watchers in lua_tcp
- [Fix] Fix words decay algorithm
- [Fix] Implement watchers replacement to handle nested calls
- [Fix] Save faked code into fake dns record
- [Fix] Show the proper frame when using lua_util.debugm
- [Fix] Use fake dns records in tests
- [Fix] Use unicode replacements for HTML entities
- [Fix] fixed "cannot find dependency on symbol 1" issue when using
replaced symbols in spamassassin rules
- [Fix] partition_id is not available in old versions of CH
- [Project] Add implicit conversion logic to selectors
- [Project] Add initial support for selectors in regexps
- [Project] Add method concept
- [Project] Further changes in unicode operations
- [Project] Implement Clickhouse migrations
- [Project] Implement implicit conversions to userdata
- [Project] Implement insert method
- [Project] Implement selectors registration for regular expressions
- [Project] Implement selectors support in re_cache
- [Project] Improve language detector: cleanup unused files,
categorize
- [Project] Migrate CH data to a fat table
- [Project] Rework selectors logic
- [Project] Start Clickhouse utilities library
- [Project] Start unicode rework
- [Project] coroutine threaded model for API calls: thread pool
- [Rework] Move phishtank to a DNS based service
- [Rework] Rework Clickhouse plugin to use the new API
- [Rework] Rework language detector
- [Rework] Rework utf content processing in text parts
- [WebUI] Add progress bar for AJAX requests
- [WebUI] Avoid errors table reinitialization
- [WebUI] Avoid history table reinitialization
- [WebUI] Avoid throughput summary table reinitialization
- [WebUI] Destroy summary table on disconnect
- [WebUI] Fix "auth" request URL
- [WebUI] Fix disabling and hiding controls on page reload
- [WebUI] Fix maps loading from neighbours
- [WebUI] Fix symbols sorting by score
- [WebUI] Fix tables destroying
- [WebUI] Fix throughput data consolidation
- [WebUI] Fix upload buttons disabling
|
|
|
|
- Fixed pre-standard SMTP address parsing.
- Added key exchange and cipher info to TLS handshake logging.
|
|
## Rails 5.1.6 (March 29, 2018) ##
* No changes.
|
|
14-08-2018
- Version 1.0.1
- Update mime types from upstream
- Add lookup_by_extension to the public API
|
|
## 3.2.2 / 2018-08-12
* Hiroto Fukui removed a stray `debugger` statement that I had used in
producing v3.2.1. [#137][]
## 3.2.1 / 2018-08-12
* A few bugs related to MIME::Types::Container and its use in the
mime-types-data helper tools reared their head because I released 3.2
before verifying against mime-types-data.
## 3.2 / 2018-08-12
* 2 minor enhancements
* Janko Marohnić contributed a change to `MIME::Type#priority_order` that
should improve on strict sorting when dealing with MIME types that
appear to be in the same family even if strict sorting would cause an
unregistered type to be sorted first. [#132][]
* Dillon Welch contributed a change that added `frozen_string_literal:
true` to files so that modern Rubies can automatically reduce duplicate
string allocations. [#135][]
* 2 bug fixes
* Burke Libbey fixed a problem with cached data loading. [#126][]
* Resolved an issue where Enumerable#inject returns +nil+ when provided
an empty enumerable and a default value has not been provided. This is
because when Enumerable#inject isn't provided a starting value, the
first value is used as the default value. In every case where this
error was happening, the result was supposed to be an array containing
Set objects so they can be reduced to a single Set. [#117][], [#127][],
[#134][].
* Fixed an uncontrolled growth bug in MIME::Types::Container where a key
miss would create a new entry with an empty Set in the container. This
was working as designed (this particular feature was heavily used
during MIME::Type registry construction), but the design was flawed in
that it did not have any way of determining the difference between
construction and querying. This would mean that, if you have a function
in your web app that queries the MIME::Types registry by extension, the
extension registry would grow uncontrollably. [#136][]
* Deprecations:
* Lazy loading (`$RUBY_MIME_TYPES_LAZY_LOAD`) has been deprecated.
* Documentation Changes:
* Supporting files are now Markdown instead of rdoc, except for the
README.
* The history file has been modified to remove all history prior to 3.0.
This history can be found in previous commits.
* A spelling error was corrected by Edward Betts ([#129][]).
* Administrivia:
* CI configuration for more modern versions of Ruby were added by Nicolas
Leger ([#130][]), Jun Aruga ([#125][]), and Austin Ziegler. Removed
ruby-head-clang and rbx (Rubinius) from CI.
* Fixed tests which were asserting equality against nil, which will
become an error in Minitest 6.
|
|
## 3.2018.0812 / 2018-08-12
* Added `.xsd` extension to `text/xml`. [#10][]
* Added `.js` and `.mjs` extensions to `text/ecmascript` and
`text/javascript`. [#11][]
* Added `.ipa` extension to `application/octet-stream`. [#12][]
* Moved extensions `.markdown` and `.md` and added `.mkd` extension to
`text/markdown`. [#13][]
* Because of a bug found with mime-types 3 before 3.2.1, this version
requires mime-types 3.1 or later to manage data.
* Updated the IANA media registry entries as of release date. The biggest
major change here is the addition of the `font/` top-level media type.
* MIME type changes not introduced by pull requests will no longer be
individually tracked.
* Clarified that the YAML editable format is not shipped with the Ruby gem
for size considerations.
|
|
1.2:
mprove the documentation on enabling STARTTLS.
Add customizable ident field to SMTP class constructor.
Remove asyncio.coroutine decorator as it was introduced in Python 3.5.
Add Controller docstring, explain dual-stack binding.
Gracefully handle ASCII decoding exceptions.
Fix typo.
Improve Controller ssl_context documentation.
Add timeout feature.
|
|
- Network timeout handling has been added.
- Support for proper Maildir++ and a Maildir sub-folder naming style
without extra dots have been added.
- Support for TLS client certificates was added.
- Support for recovering from baseless UID validity changes was added.
- The get-cert script was renamed to mbsync-get-cert.
|
|
pkgsrc changes:
- Update HOMEPAGE and MASTER_SITES
- Remove inet6 option (it was actually a no-op)
- Adjust libidn dependency to libidn2 per 1.8.0 change
- Cleanup the options.mk a bit: no need to add pkg-config to USE_TOOLS, it was
already needed as tool and remove all --with-*-prefix= because pkg-config is
used for that
Changes:
Version 1.8.0:
- A minimal SMTP server called msmtpd was added that listens on the local host
and pipes mails to msmtp (or another program). It is intended to be used with
system services that cannot be configured to call msmtp directly. You can
disable it with the configure option --without-msmtpd.
- Using OpenSSL is discouraged and may not be supported in the future. Please
use GnuTLS instead. The reasons are explained here:
https://marlam.de/msmtp/news/openssl-discouraged/
- As using GNU SASL is most likely unnecessary, it is disabled by default now.
Since everything uses TLS nowadays and thus can use PLAIN authentication, you
really only need it for GSSAPI.
- If your system requires a library for IDN support, libidn2 is now used instead
of the older libidn.
- The CRAM-MD5 authentication method is marked as obsolete / insecure and will
not be chosen automatically anymore.
- The passwordeval command does not require the password to be terminated by a
new line character anymore.
- The new logfile_time_format command allows to customize log file time stamps.
- Builtin default port numbers are now used instead of consulting /etc/services.
- Support for DJGPP and for systems lacking vasprintf(), mkstemp(), or tmpfile()
is removed.
Version 1.6.8:
- Add --source-ip option and source_ip command to bind the outgoing connection
to a specific source IP address.
- Enable SNI for TLS
Version 1.6.7:
- Add support for ~/.config/msmtp/config as configuration file
- Add network timeout handling on Windows
- Fix command line handling of SHA256 TLS fingerprints
- Fix SIGPIPE handling (affects at least Mac OS X)
- Add french translation, and update german translation
|
|
|
|
in pkgsrc) has bumped key sizes to 2048 bits. Do likewise. Bump PKGREVISION.
|
|
|
|
|
|
with e.g. condtomaildir(1). Bump version.
|
|
|
|
- Fix missing config files (pkg/53577).
The most important features and fixes
- Ratelimits are reworked and now work as intended (and documented)
- Clickhouse module supports data retention policies
- Reworked C modules to avoid global contexts (simplifies leaks
detection on reload)
- Reputation plugin now supports SPF records reputation
- WebUI code is now even more conformant to the modern JS standards
- Maps are now distributed remotely with local file safety fallback to
allow faster maps update without waiting for a new release
- Antivirus module checks attachments only (as decoded content) in
attachments_only mode to improve AV performance by hiding the mime
content from them
Full list of the meaningful changes
- [CritFix] Fix caseless comparison of equal length strings
- [Feature] Add HTTP basic auth support to elastic and clickhouse
plugins
- [Feature] Add SPF selector to reputation
- [Feature] Add support of the fallback backends for HTTP maps
- [Feature] Allow to print full mime structure when extracting mime
data
- [Feature] Allow to split symbols in reputation plugin
- [Feature] Check attachments only on AV scanners in attachments_only
mode
- [Feature] Disable all SSL checks if ssl_no_verify flag is set
- [Feature] Implement parsing of scoped IPv6 addresses
- [Feature] Improve rspamc counters output
- [Fix] Add sanity checks when expanding SPF macros
- [Fix] Allow to parse SA rules with no spaces around =~ (dirty hack)
- [Fix] Avoid one extra byte writing
- [Fix] Deal with direct hash table
- [Fix] Detect empty text part as text, not HTML
- [Fix] Do not reduce map watch timeout for mixed http/file maps
- [Fix] Fix HTML part detection heuristic
- [Fix] Fix double free in redirectors cleanup
- [Fix] Fix legacy history handling in the controller
- [Fix] Fix messages insertion
- [Fix] Fix sending string method
- [Fix] Fix statconver command line arguments
- [Fix] Fixed argument checking for being null
- [Fix] Fixed issues reported by luacheck
- [Fix] Freeze updates queue when do actual storage update
- [Fix] HTTP map hash is per-backend and not per-map
- [Fix] Plug memory leak in fuzzy updates
- [Fix] Prefer 'MTA-Name' when producing authentication results
- [Fix] Replace bad unicode sequences instead of stopping on them
- [Fix] Set classifier version on learning
- [Project] Reworked ratelimits
- [Project] Apply topological sorting for symbols in Rspamd
- [Project] Remove global contexts from C modules
- [Project] Move performance critical hash tables to khash
- [WebUI] Avoid unused indexes
- [WebUI] Do not execute on_success callback
- [WebUI] Fix history reset for "All SERVERS" (#2346)
- [WebUI] Fix query URL for selected server
- [WebUI] Fix symbols display in legacy history,
- [WebUI] Hide symbols order selector for legacy history
- [WebUI] Refactor query functions into one
- [WebUI] Remove previously-attached event handlers
- [WebUI] Save symbols to the selected server
- [WebUI] Unify arguments of query functions
- [WebUI] Use common query functions to get graph data
- [WebUI] Use common query functions to save symbols
|
|
|
|
version 3.007: Mon 3 Sep 07:58:36 CEST 2018
Changes:
- nicer algorithm to generate disposition filenames.
Fixes:
- fix metadata [Mohammad S Anwar]
- enforce stringification on ::Field::Attribute->new(value) [Andy Beverley]
- dispositionFilename() accepts (some) blanks, strips more chars
rt.cpan.org#125350 [Gary Funck]
- understand quotes in a field body for get() [Andy Beverley]
Improvements:
- add pod tester
|
|
|
|
|
|
hypermail uses libtrio, which overloads <stdio.h> functions by macros.
With _FORTIFY_SOURCE > 0, <stdio.h> loads <ssp/stdio.h> which does
the same, and we get macro redefinition errors.
|
|
Linux. Bump PKGREVISION.
|
|
|
|
Upstream changes:
1.005 Mon 20 Aug 2018
- No functional changes
- Actual 5.6 compatibility
|
|
Update DEPENDS
Upstream changes:
1.004 Sun 19 Aug 2018
- No functional changes
- Tests powered by JSON::PP instead of JSON::XS
- Simplified tests with fewer dependencies
|
|
|
|
The mblaze message system is a set of Unix utilities to deal with
mail kept in Maildir folders.
Its design is roughly inspired by MH, the RAND Message Handling
System, but it is a complete implementation from scratch.
Packaged by Sunil Nimmagadda and submitted via PR pkg/53517 and pkgsrc-wip.
|
|
|
|
A small PHP poratbility fix.
|
|
* No change except version.
Reset PKGREVISION.
|
|
- Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
|
|
RELEASE 1.3.7
-------------
- Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
- Fix bug where some parts of quota information could have been ignored (#6280)
- Fix bug where some escape sequences in html styles could bypass security checks
- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
- Fix bug where only attachments with the same name would be ignored on zip download (#6301)
- Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
- Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
- Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
- Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
|
|
Apologies, I used the subclass name instead of the primary module name.
|
|
This subclass of Tie::Handle::Offset automatically hides an email-style
message header. After opening the file, it reads up to a blank or
white-space-only line and sets the offset to the next byte.
|
|
|
|
pymsgauth-confirm didn't work). Bump PKGREVISION.
|
|
|
|
on finding "nbcheckpassword" (which, at present, might be either
checkpassword-pam or DJB's original).
Depend (unconditionally) on mail/qmail-rejectutils, instead of having it
as an option on mail/qmail.
Bump version.
|
|
can (by itself depending on pkgtools/pkg_alternatives) expect to find
"nbcheckpassword".
Remove 'qmail-rejectutils' option, which will become an unconditional
dependency in qmail-run.
Bump PKGREVISION.
|
|
1.7.8: 12 Jul 2018
- [Feature] Add more extended statistics about fuzzy updates
- [Feature] Add more non-conformant Received headers support
- [Feature] Add preliminary function to get fuzzy hashes from text in
Lua
- [Feature] Allow to configure AV module rejection message
- [Feature] Implement fuzzy hashes extraction in mime tool
- [Feature] Improve WHITE_ON_WHITE rule
- [Feature] Improve integer -> string conversion
- [Feature] Reuse maps in multimap module more aggressively
- [Fix] Avoid race condition in skip map as pool lifetime is not
enough
- [Fix] Eliminate all specific C plugins pools
- [Fix] Fix DKIM check rule if DNS is unavailable
- [Fix] Fix build where ucontext is defined in ucontext.h
- [Fix] Fix crash in base url handling
- [Fix] Fix descriptors leak in sqlite3 locking code
- [Fix] Fix messages quarantine
- [Fix] Fix padded numbers printing
- [Fix] Fix race condition on maps reinit
- [Fix] Fix regexp functions when no data is passed
- [Fix] Fix specific urls extraction
- [Fix] Fix styles propagation
- [Fix] Improve resetting of the limit buckets
- [Fix] Initialize sqlite3 properly
- [Fix] Work with broken resolvers in resolv.conf
- [Project] Implement HTTP maps caching
- [Project] Refresh fuzzy hashes when matched
- [Project] Add logic to deduplicate fuzzy updates queue
- [WebUI] Add missed declarations
- [WebUI] Avoid using "undefined" property
- [WebUI] Do not accept passwords containing control characters
- [WebUI] Do not redeclare variables
- [WebUI] Enable strict mode,
- [WebUI] Fix variable assignment
- [WebUI] Initialize variables at declaration
- [WebUI] Remove duplicated path from RequireJS config
- [WebUI] Remove unused block
- [WebUI] Remove unused variable
- [WebUI] Remove unused variables
- [WebUI] Use self-explanatory notation
- [WebUI] Use type-safe equality operators
1.7.7: 02 Jul 2018
- [CritFix] Check NM part of pubkey to match it with rotating keypairs
- [CritFix] Do not overwrite PID of the main process
- [CritFix] Fix maps after reload
- [CritFix] Fix maps race conditions on reload
- [CritFix] Fix shmem leak in encrypting proxy mode
- [Feature] Add a concept of ignored symbols to avoid race conditions
- [Feature] Add ability to print bayes tokens in rspamadm mime
- [Feature] Add method to get statistical tokens in Lua API
- [Feature] Add preliminary mime stat command
- [Feature] Add rspamadm mime tool
- [Feature] Add urls extraction tool
- [Feature] Address ZeroFont exploit
- [Feature] Allow rspamadm mime to process multiple files
- [Feature] Allow to extract words in `rspamadm mime`
- [Feature] Allow to print mime part data
- [Feature] Allow to show HTML structure on extraction
- [Feature] Distinguish IP failures from connection failures
- [Feature] Improve output for mime command
- [Feature] Improve styles propagation
- [Feature] Main process crash will now cleanup all children
- [Feature] Preload file and static maps in main process
- [Feature] Print stack trace on crash
- [Feature] Process font size in HTML parser
- [Feature] Propagate content length of invisible tags
- [Feature] Read ordinary file maps in chunks to be more safe on
rewrites
- [Feature] Support base tag in HTML
- [Feature] Support more size suffixes when parsing HTML styles
- [Feature] Support opacity style
- [Fix] Another fix for nested composites
- [Fix] Fill nm id in keypairs cache code
- [Fix] Fix colors alpha channel handling
- [Fix] Fix destruction logic
- [Fix] Fix double free
- [Fix] Fix maps preload logic
- [Fix] Fix nested composites process
- [Fix] Fix proxying of Exim connections
- [Fix] Fix reload crash
- [Fix] Fix rspamadm -l command
- [Fix] Update ed25519 signing schema
- [WebUI] Stop using "const" declaration
- [WebUI] Update RequireJS to 2.3.5
1.7.6: 15 Jun 2018
- [CritFix] Fix multiple neural networks support
- [Feature] Add decryption function to keypair command
- [Feature] Add gzip compression for HTTP requests in elastic module
- [Feature] Add gzip methods to lua util
- [Feature] Add maps based on Top Level Domains
- [Feature] Add pubkey checks for dkim_signing
- [Feature] Add support of fake DNS records
- [Feature] Add tool to encrypt files
- [Feature] Allow to add symbols using settings directly
- [Feature] Allow to match private and public keys for DKIM signatures
- [Feature] Allow to set task flags via settings
- [Feature] Allow to specify fake DNS address from the config
- [Feature] Implement signatures verification using rspamadm keypair
- [Feature] Implement signing using `rspamadm keypair`
- [Feature] Improve error reporting for DKIM key access issues
- [Feature] Provide $HOSTNAME variable in UCL
- [Feature] Rework levenshtein distance computation
- [Feature] Split message parsing and processing
- [Feature] Support ED25519 DKIM signatures
- [Feature] Support encrypted configs in UCL
- [Feature] Suppress duplicate warning on very large radix tries
- [Feature] Use OSB to combine header names
- [Fix] Cleanup maps data on shutdown
- [Fix] Fix '~' behaviour in composites
- [Fix] Fix HTTP maps updates
- [Fix] Fix NIST signatures
- [Fix] Fix RFC822 comments when processing a mime address
- [Fix] Fix double free
- [Fix] Fix dynamic settings application
- [Fix] Fix for CommuniGate Pro maillist
- [Fix] Fix keypair creation method to actually create keypair...
- [Fix] Fix matching patterns with no paths
- [Fix] Fix memory leak in parsing comments
- [Fix] Fix parsing of urls with numeric password
- [Fix] Fix plugins intialisation in configwizard
- [Fix] Fix potential crash on reload
- [Fix] Fix potential race condition for a finished HTTP connections
- [Fix] Fix race-condition leak on processes reload
- [Fix] Fix signing in openssl mode
- [Fix] Free language detector structures
- [Fix] Relax alignment requirements
- [Fix] Send DMARC reports compressed
- [Fix] Try to fix leak in dmarc module
- [Fix] Try to plug memory leak in metric exporter
- [Project] Convert rspamadm subcommands to Lua
- [WebUI] Display smtp sender/recipient in history
- [WebUI] Fix elements disabling in "Symbols" tab
- [WebUI] Limit recipients list in history column to 3
- [WebUI] Match envelope and mime addresses following in arbitrary
order
- [WebUI] Update column header
- [WebUI] Wrap addresses in history
1.7.5: 18 May 2018
- [Conf] Add MSBL proposed return codes
- [Conf] Add additional groups for policies
- [CritFix] Do not use volatile Lua strings as UCL keys
- [Feature] Add ability to add fuzzy hashes to headers
- [Feature] Add function to extract most meaningful urls
- [Feature] Add rule to block mixed text and encrypted parts
- [Feature] Allow multiple groups for symbols
- [Feature] Allow to disable lua squeezing logic
- [Feature] Allow to get multipart children in Lua
- [Feature] Allow to insert multiple headers from milter headers
- [Feature] Allow to print scores in subject and further extensions
- [Feature] Be more error-prone in squeezed rules
- [Feature] Support multiple return codes in emails module
- [Feature] Use EMA for calculating averages
- [Feature] Use common jit cache for all regexps
- [Feature] support for CommuniGate Pro self-generated messages
- [Fix] Allow to have multiple values for headers as arrays
- [Fix] Do not open sockets for disabled workers
- [Fix] Fix AuthservId
- [Fix] Fix base64 folding in Lua API
- [Fix] Fix build on non-x86 platforms
- [Fix] Fix cached maps logic
- [Fix] Fix compatibility with old maps query logic
- [Fix] Fix crash if skip_map is used
- [Fix] Fix importing static maps from UCL
- [Fix] Fix parsing of unix sockets
- [Fix] Fix raw_mime regexp on HTML part with no text content
- [Fix] Fix tables logging
- [Fix] Fix vertical tab handling in libucl
- [Fix] Try to fix frequency counters
- [Fix] Use better sharding for ip_score
- [Fix] Use multiple results from SURBL DNS reply
- [Fix] When doing AV scan select a different server for retransmit
|
|
* Sync with mail/thunderbird-52.9.1
|
|
Changelog:
changed
Thunderbird will now prompt to compact IMAP folders even if the account is online. Note: Under certain circumstances an incorrect estimate of the expected gain is shown.
fixed
Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.
fixed
Various problems when forwarding messages inline when using "simple" HTML view
fixed
Deleting or detaching attachments corrupted messages under certain circumstances (not working only in Thunderbird version 52.9.0)
fixed
Various security fixes
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails
#CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9
|
|
|
|
to it from config files and rc.d scripts. Bump version.
|
|
and checkpassword{-pam,}. Add dependency on ucspi-ssl to 'tls' option.
Bump PKGREVISION.
|
|
and checkpassword{-pam,}. While here, update HOMEPAGE and MASTER_SITES.
Bump PKGREVISION.
|
|
functions). Bump PKGREVISION.
|
|
|
|
Each R package should include ../../math/R/Makefile.extension, which also
defines MASTER_SITES. Consequently, it is redundant for the individual
packages to do the same. Package-specific definitions also prevent
redefining MASTER_SITES in a single common place.
|
