Age | Commit message (Collapse) | Author | Files | Lines |
|
* auth: Use timing safe comparisons for everything related to
passwords. It's unlikely that these could have been used for
practical attacks, especially because Dovecot delays and flushes all
failed authentications in 2 second intervals. Also it could have
worked only when passwords were stored in plaintext in the passdb.
* master process sends SIGQUIT to all running children at shutdown,
which instructs them to close all the socket listeners immediately.
This way restarting Dovecot should no longer fail due to some
processes keeping the listeners open for a long time.
+ auth: Add passdb { mechanisms=none } to match separate passdb lookup
+ auth: Add passdb { username_filter } to use passdb only if user
matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
+ dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
the transaction after saving this many new messages. Because of the
way dsync works, it may not always be possible if mails are copied
or UIDs need to change.
+ imapc: Support imapc_features=search without ESEARCH extension.
+ imapc: Add imapc_features=fetch-bodystructure to pass through remote
server's FETCH BODY and BODYSTRUCTURE.
+ imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
remote server.
+ passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
+ If dovecot.index.cache corruption is detected, reset only the one
corrupted mail instead of the whole file.
+ doveadm mailbox status: Add "firstsaved" field.
+ director_flush_socket: Add old host's up/down and vhost count as parameters
- More fixes to automatically fix corruption in dovecot.list.index
- dsync-server: Fix support for dsync_features=empty-header-workaround
- imapc: Various bugfixes, including infinite loops on some errors
- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
enabled modseq tracking via CONDSTORE/QRESYNC.
- fts-lucene: Fix it to work again with mbox format
- Some internal error messages may have contained garbage in v2.2.29
- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
are used. Otherwise the copied mails can't be opened.
- vpopmail: Fix compiling
|
|
This is a bug-fix release. Of note to Gmail users is a potential crash
fix when copy/moving messages to its Trash folder.
|
|
of qmail-qfilter-{ofmipd,smtpd}-queue, and document how to enable
filtering for incoming and submitted messages. Bump version.
|
|
of the SMTP AUTH patch. Enable "sasl" option by default. Bump PKGREVISION.
|
|
|
|
1.3.159
Stop using /usr/share/mk Makefiles on BSD systems in order to allow
building on FreeBSD 11.
Add ./configure --with-install-cmd=X --enable-pkg-make to facilitate
as FreeBSD port without patches.
Use /proc/uptime to compute boottime on Linux.
Ignore host names defined as 0.0.0.0.
Don't let the Received: header parsing for the sender IP address in
dccifd and dccproc be fooled by HELO values like "[127.0.0.1]"
Change URLs to use https
From Petar Bogdanovic (OWNER).
|
|
1.10.1 2017-05-21 06:48 UTC
Changelog:
* Fix Bug 21206: explodeQuotedString() does not handle quoted strings
correctly [dfukagaw28]
* Fix Bug 21205: Invalid encoding of headers with quoted multibyte strings in
non-unicode charset [dfukagaw28]
* Fix Bug 21098: Discrepancy in handling of empty (but set) plain text part
[alec]
|
|
pkgsrc change:
* set LICENSE to modified-bsd.
* standarlized order in Makefile.
1.4.1 2017-04-11 13:33 UTC
Changelog:
* Loosen recognition of "queued as" server response (PR #10)
* Bug #20463: domain-literal parsing error
* Bug #20513: Mail_smtp::send() doesn't close socket for smtp connection
1.4.0 2017-04-07 13:09 UTC
Changelog:
Clarified licensing to "New BSD" (3-Clause BSD)
* Bug #21082: Inconsistent licensing
|
|
ofmipd(8) and new-inject(8). The patch is enabled by default for qmail
(via "qmail-netqmail"), so do the same here. Bump PKGREVISION.
|
|
ezcgi.css in ${PKG_SYSCONFDIR}. Provide supporting documentation in
share/doc/ezmlm-idx. Bump PKGREVISION.
|
|
|
|
|
|
|
|
ezmlm-idx-7.2.2, 2014-05-14
===========================
- Added replytolist feature to ezmlm-send. When enabled, strips incoming
Reply-To: header and adds its own. Also alters the behavior of
rewritefrom.
- Fixed off-by-one typo in ezmlm-weed causing an "out of memory" error.
ezmlm-idx-7.2.1, 2014-05-09
===========================
- Fixed header address extraction in the presence of double quotes.
- Fixed rewritefrom feature to run if the list is not indexed.
ezmlm-idx-7.2.0, 2014-05-02
===========================
- Added <#C#>, <#T#>, and <#X#> substitutions for (un)subscribe
confirmation emails, replaced with the hash code, time stamp, and
action respectively.
- Added option to ezmlm-[un]sub to use a tag other than "manual" in Log.
- Added option to ezmlm-manage to show what response is being sent.
- Added optional rewritefrom feature to ezmlm-send, automatically
enabled when the sender has a "reject" DMARC policy.
- Fixed behavior of ezmlm-manage -Q flag to match man page.
- Fixed ezmlm-import failing to flush output to the last message,
and enhanced it to allow reading the mbox from stdin.
Thanks to Tullio Andreatta.
- Fixed ezmlm-manage notifying target of an unsubscribe by a remote
administrator when the -N option is in use.
Thanks to Nebojsa Milovanovic.
- Fixed ezmlm-archive corrupting output index files.
- Internal rewrite of SQL modules to merge all common code.
ezmlm-idx-7.1.1, 2010-11-18
===========================
- Fixed bug in getln2 function that prevented error handling.
- Fixed bug in ezmlm-cron that prevented parsing of spaces.
- Fixed unclosed file descriptor on error path in ezmlm-cgi.
ezmlm-idx-7.1.0, 2010-11-03
===========================
- Added support for SQLite3 subscriber databases.
Thanks to Mike Tedder.
- Added support for wildcard addresses in all address databases.
- Added support for qmqpservers to all ezmlm-idx programs.
- Added support for decoding sender addresses mangled with a BATV "btv1" tag.
- Added support for custom subject lines to ezmlm-get (for digests).
- Added a new "omitbottom" control file, equivalent to the -B option for
both ezmlm-get and ezmlm-manage.
- Modified the (un)subscribe procedure to not require confirmation
before telling the sender they were already on (or off) the list.
- Renamed to "setup" makefile target to the more standard "install".
- Modified ezmlm-split to exit silently if there is not "split" file,
and added it back into the "manager" file to properly handle subscribe
and unsubscribe requests destined for sublists.
- Made the ezmlm-reject -h (obey headerreject) option the default.
- Fixed ezmlm-send to obey the "addtrailer" setting instead of looking
for a "text/trailer" file.
- Fixed handling of adding the trailer on old lists.
- Fixed adding the trailer to posts encoded with base64.
- Fixed handling Received: headers with the date stamp on a separate line.
- Fixed bug in command-line option processing which caused sender-
confirmed posting to fail.
- Fixed handling BATV sender addresses with upper-case hex tags.
Thanks to Kyle Wheeler for pointing this out.
- Adjusted filename in digest attachments to fix problem with Outlook.
Thanks to Glen Stewart
ezmlm-idx-7.0.2, 2009-08-09
===========================
- Fixed selection of [un]subscribe subject line for moderated
subscriptions.
- Clarified ezmlm-reject man page to note that Precedence: bulk is also
rejected.
- Added a proper charset for ch_GB (Chinese GuoBiao), and added an
explicit charset for the other languages that were missing them.
- Switched all ISO-8859-1 charsets to the more modern ISO-8859-15.
- Many small text updates and tweaks.
ezmlm-idx-7.0.1, 2009-07-09
===========================
- Added support for decoding sender addresses mangled by BATV prvs.
- Added missing ezmlm-checksub to the installed programs.
- Improved the TXT_BY message used in digests to work better with
non-English languages.
- Fixed out-of-memory resulting in a permanent error.
- Fixed a buffer underflow bug in concatHDR.
- Fixed a bug in ezmlm-issubn.c that was causing it to scan the main
list when it shouldn't.
- Fixed missing defaults in ezmlm-tstdig when digsize, digcount, or
digtime were not created.
- Clarified the steps necessary when upgrading in UPGRADE.
ezmlm-idx-7.0.0, 2008-06-16
===========================
This version has three major architectural changes:
1. There is now support for internationalized messages. All error
messages, all subject lines, and a few other messages are now configured
in a file named "text/messages" that is read at run time. Messages in
this file will undergo header-style substitution before they are output.
Unlike other text files, all 3 of the files (DIR/text/messages,
/etc/ezmlm/LANG/text/messages, and /etc/ezmlm/default/text/messages) are
read, and only the first match (in the above order) is used for any
given message. This allows for creation of partial files to override
just select messages. If no match is found, the internal English text
is used.
2. The use of the "flags" file has been deprecated completely by
individual flag files accessed by the appropriate programs. This, along
with corresponding changes to the ezmlmrc template, allows for lists to
be reconfigured without invoking ezmlm-make. To upgrade a list to the
new setup, simply run "ezmlm-make -+ DIR". Note that this will delete
the "config" and "flags" files, as they have been superceded by other
files.
3. Creation of subscriber tables has been moved out of ezmlm-mktab-* and
into ezmlm-make by adding some additional hooks to the subdb plugins. A
ezmlm-rmtab program is also added to remove subscriber tables, also with
hooks in the subdb plugins. The ezmlm-mktab-* programs have been
obsoleted by these changes and have been removed.
Smaller changes:
- Fixed a bug in ezmlm-request that caused a segfault when attempting to
execute the "which" command.
- Added new program ezmlm-checksub to replace the
ezmlm-issubn ... || { echo error; exit 100; }
lines in the ezmlmrc files. ezmlm-issubn is now deprecated for use in
.qmail files, but still exists for backwards compatibility.
- Added ezmlm-weed to the confirmer control files.
- Added <#a#> substitution for the local part of the accept address.
- ezmlm-warn will now process bounces for both the main and digest lists
if neither the -d nor the -D options are given.
- Added several control files for programs:
dir/digcount ezmlm-tstdig
dir/digestcode ezmlm-get
dir/digformat ezmlm-get
dir/digsize ezmlm-tstdig
dir/digtime ezmlm-tstdig
dir/modcanedit ezmlm-manage
dir/modcanlist ezmlm-manage
dir/modgetonly ezmlm-get
dir/modpostonly ezmlm-store
dir/nosubconfirm ezmlm-manage
dir/nounsubconfirm ezmlm-manage
dir/nowarn ezmlm-warn
dir/subgetonly ezmlm-get
dir/noreturnposts ezmlm-clean
- Removed the ezmlm-make -4 option in favor of the above files.
- Fixed handling of digest bouncer in ezmlm-dispatch.
- Eliminated the use of vfork for portability.
- Added support for decoding sender addresses mangled by SRS.
- Fixed bug when running ezmlm-archive on a newly-created list.
- Always enable ezmlm-request in manager.
- Always enable the "deny" blacklist.
- Fixed a long standing bug in ezmlm-store that caused both posting and
moderating to happen when both modpost and confirmpost were disabled.
Note: The subdb API was modified in this version. You will need to
reinstall all sub-* modules along with the main package. Also, the
messages changes also replaced the confirmpost subject line hack in
ezmlm-store and the mailinglist file. The contents of DIR/confirmpost
and DIR/mailinglist are now ignored in favor of the SUB_CONFIRM_POST and
TXT_MAILING_LIST messages, respectively.
ezmlm-idx-6.0.1, 2007-10-06
===========================
- Fixed all of the subdb plugins to correct a problem that prevented
ezmlm-manage from working properly.
- Fixed ezmlm-weed to handle MIME Delivery Status Notification messages
better.
- Fixed ezmlm-send to insert the proper value for the List-ID: header.
Thanks Bill Nugent.
- Added the necessary Sender: header to make DomainKeys work into the
ezmlmrc template.
- ezmlm-mktab-mysql and ezmlm-mktab-pgsql will now only be installed if
they were built (with "make mysql" or "make pgsql" respectively).
Note: The subdb API was modified in this version. You will need to
reinstall all sub-* modules along with the main package.
ezmlm-idx-6.0.0, 2006-11-30
===========================
This version introduces two major changes in how ezmlm-idx operates.
First, the naming of subscriber lists has been revamped. In previous
versions, the subscriber list would be identified by a full path to the
list directory. In this version, the lists are identified by their
subdirectory name within the list base directory. Full paths are
supported in some places for backwards compatibility, but only where
they fall within the list directory. This coincidentally removes the
absolute path requirement in all places except ezmlm-make, and
eliminates the need for (and use of) all the "sql" files not in the list
base directory.
Second, all three subscriber database libraries (standard, MySQL, and
PostgreSQL) have been moved into dynamically loaded plugins. If you
were previously using MySQL or PgSQL support, please follow the
instructions in UPGRADE.idx. After this configuration, this version is
backwards configurable with previous versions.
The plugin support also adds support for an optional DIR/subdb file
which supercedes DIR/sql. The file should contain the subscriber
database plugin name followed by the content that would have gone into
DIR/sql. If it is not found, DIR/sql is used instead with an assumed
plugin name of "sql". ezmlm-make will read in and convert DIR/sql if
DIR/subdb does not exist, but it writes out DIR/subdb.
Make sure to read the UPGRADE.idx file for more information on what
steps may be necessary to use this version.
ezmlm-idx-5.1.2, 2007-10-05
===========================
- Fixed ezmlm-send to insert the proper value for the List-ID: header.
Thanks Bill Nugent.
- Added the necessary Sender: header to make DomainKeys work into the
ezmlmrc template.
ezmlm-idx-5.1.1, 2006-11-23
===========================
- (Un)subscribe requests initiated and confirmed by a moderator are now
marked in the Log as "+mod" or "-mod". This is accomplished by the
addition of another pair of subscribe/unsubscribe confirmation
commands ("rc.cookie" and "wc.cookie") to ezmlm-manage to
differentiate between moderated (un)subscribe requests and
(un)subscribe requests iniated and confirmed by a moderator.
- Updated the embeded qmail-verh patch to version 0.07
ezmlm-idx-5.1.0, 2006-08-08
===========================
- Added a new configuration files "headerkeep" and "mimekeep" which
override "headerremove" and "mimeremove" respectively if either of the
former are present. Instead of removing bad headers, the "headerkeep"
file controls which ones *not* to remove. The "mimekeep" file works
similarly for MIME parts.
- Added a new program, ezmlm-import, which imports messages from a mbox
file into ezmlm-idx's message archive.
- Modified ezmlm-gate, ezmlm-issubn, ezmlm-list, ezmlm-sub, and
ezmlm-unsub to accept relative subscriber database names. The changes
take into account backwards compatibility.
- Added ezmlm-weed to both the moderator and manager control files.
- Added several more autoresponder signatures to ezmlm-weed.
- Modified the vfork test to use pid_t instead of int, to fix
portability issues on Solaris.
- Fixed handling of missing ezmlmrc config file.
- Fixed ezmlm-dispatch to handle working in a non-default .qmail file.
ezmlm-idx-5.0.2, 2006-01-16
===========================
- All programs that copy the input message (ezmlm-get, ezmlm-manage,
ezmlm-reject, ezmlm-request, and ezmlm-warn) will now copy the whole
header but only a limited number of lines of the message body,
configured by putting a number into "copylines". If this control file
is not present, no body lines are copied (to avoid spam complaints).
- Fixed ezmlm-make to override settings in the config files with command
line options instead of the other way around.
- Updated Spanish translation for post-confirm. Thanks Ruben Cardenal.
- Fixed bug in generation of a (currently unused) email address in the
subscription confirmation message.
- Substitute <#c#> in (un)subscribe confirm messages with just the
confirmation cookie (ie <#r#> without the <#l#>- prefix).
ezmlm-idx-5.0.1, 2005-12-16
===========================
- If files cannot be found in either the list directory or the
language-specific directory, try to pull them from the default
directory (/etc/ezmlm/default).
- Added a proper charset for Japanese texts.
- Added a Spanish translation for post-confirm. Thanks Ruben Cardenal.
- Fixed a bug in ezmlm-cgi caused by the use of "char" type for array
index calculations.
- Fixed ezmlm-gate failing to exit 0 on success. Thanks Ian Charnas and
Sami Farin.
ezmlm-idx-5.0.0, 2005-10-03
===========================
- Moved all the language-specific files (that is, all the "text" files
plus "charset" and "mailinglist") out of the ezmlmrc files into
individual files installed in a common location (/etc/ezmlm/LANG by
default).
- Modified the programs to try to pull files that are not present in the
list directory from the common location above.
- Replaced the use of the "config" file in ezmlm-make with individual
files containing one setting each. ezmlm-make will still read the
config file for now, but it is considered depricated. Running
"ezmlm-make -+" on an existing list will upgrade it.
- Added a "conf-etc" config file to allow changing the path to
configuration files (defaults to "/etc/ezmlm").
- Added a "conf-lang" config file to replace the "make ISO" mechanism.
- Modified the "copy" function, which translates from "text" files into
output emails, to also select sections at run time based on the list's
configured flags.
|
|
file.
While here also simplify MASTER_SITES (convert it to MASTER_SITE_GITHUB)
and delete DIST_SUBDIR and WRKSRC that are no longer needed with
that change.
Bump PKGREVISION
Discussed with <schmonz>
|
|
|
|
Enigmail 1.9.7
Released 2017-05-13, works with Thunderbird 38.0 & newer and SeaMonkey 2.35 & newer.
Notable Changes
This is a bugfix release
Bugs fixed
This version fixes a compatibility bug on Thunderbird 52 that makes keyserver up/downloads unusable.
|
|
|
|
|
|
|
|
so need to build it the same way as the main package. Fixes SSL build.
|
|
1.8
LMTP support
workaround for QIP IMAP Server
compatibility with NDK 13
fixed crash (CVE-2017-8825)
|
|
|
|
https://github.com/joyent/pkgsrc/pull/499
Major changes since 6.5.6 (3 years ago):
- The dabatase for the cache is now sqlite by default
- Experimental Python 3 support
- Basic UTF support
See full changelog:
https://github.com/OfflineIMAP/offlineimap/blob/master/Changelog.md
|
|
|
|
|
|
|
|
1.5.6:
* [Feature] Add unigramms support in bayes
* [Feature] Allow configurable sign headers for DKIM
* [Feature] Allow to add unigramm metatokens from Lua
* [Feature] DKIM Signing: envelope match exception for local IPs
* [Feature] UCL: register parser variables from Lua
* [Fix] Always try to adjust filename
* [Fix] Do extra copy to ensure that original content is never touched
* [Fix] Fix SPOOF_REPLYTO rule
* [Fix] Ignore Rmilter added Received
* [Fix] More fixes for hashed email dnsbls
* [Fix] Plug memory leak in chartable module
* [WebUI] Display multiple alerts at once
|
|
2017-04-28 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Fix and simplify handling of GPGME in configure.ac (@gahr)
* Docs
- Fix typo in README.neomutt (@l2dy)
* Upstream
- Fix km_error_key() infinite loop and unget buffer pollution
- Fix error message when opening a mailbox with no read permission
|
|
* Sync with thunderbird-52.1.0
|
|
Changelog:
Fixed
* Background images not working and other issues related to embedded images when composing email
* Google Oauth setup can sometimes not progress to the next step
|
|
|
|
Nothing is change except version.
|
|
RELEASE 1.2.5
-------------
- Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]
|
|
Nothing is change except version.
|
|
RELEASE 1.2.5
-------------
- Fix re-positioning of the fixed header of messages list in Chrome when using
minimal mode toggle and About dialog (#5711)
- Fix so settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search
instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if
show_real_foldernames=true (#5695)
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
|
|
|
|
|
|
|
|
the patch.
|
|
values of ${QMAIL_DAEMON_USER} and ${QMAIL_LOG_USER}. Allow
smtpfront_smtpdcmd to be overridden in rc.conf.
|
|
|
|
|
|
|
|
This package contains language packs for mail/thunderbird45.
|
|
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
|
|
* Sync with thunderbird-52.0.1
|
|
Changelog:
52.0.1:
Fixed
Clicking on a link in an email may not open this link in the external browser.
Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1
52.0:
New
Folder pane toolbar and folder view selector (replacement for folder view arrows)
Optionally remove corresponding data files when removing an account from Thunderbird
Import settings from Becky! Internet Mail
Possibility to copy message filter
Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message
Calendar: Event can now be created and edited in a tab
Calendar: Processing of received invitation counter proposals
Chat: Support Twitter Direct Messages
Chat: Liking and favoriting in Twitter
Chat: XMPP: Support SASL SCRAM authentication mechanism
Chat: Support Jabber/XMPP Message Carbons (XEP-280)
Changed
IMPORTANT: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed for each image individually via the Image Properties dialog or globally by setting the preference mail.compose.attach_http_images.
Correspondents column now default for all new folders, can be switched off with preference mail.threadpane.use_correspondents
When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header
On Linux PulseAudio is now required to play sound
Formatting toolbar is now left in place when delivery format is switched to plain text only
Messages in IMAP folders read on external device are now filtered by default
Folders backed by mbox storage larger than 4GB are supported without warning (unless preference mailnews.allowMboxOver4GB is set to false)
IMAP caching now uses Mozilla's latest caching technology
The keyboard shortcut to insert hyperlinks into a compose window was changed from CTRL+L to CTRL+K to align with Office applications
Chat: Removed Yahoo! Messenger support (since Yahoo removed support)
Fixed
Message preview pane non-functional after IMAP folder was renamed or moved
Fixed
Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line
Various corrections when composing messages in paragraph format
Paste as quotation doesn't always work
Long lines in plain text replies not properly wrapped
Undesired white-space before signature in paragraph mode
When attachment unavailable, compose shows endless "Attaching..." message instead of error
Text encoding of reply sometimes incorrect (uses encoding of last viewed message)
Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment)
Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both)
Reply to own e-mail does not reply with the correct identity
IMAP message part caching
Links with escaped non-ASCII (international) characters can't be clicked
Calendar: Events specified in timezone "local time" generate alerts in UTC time
Chat: XMPP Resource collisions
Various security fixes
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
#CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8
|
|
|
|
2017-04-21 Richard Russon <rich@flatcap.org>
* Features
- add lua scripting
- add command-line batch mode
- index_format: add support of %K
* Bug Fixes
- attachment/pager: Use mailcap for test/* except plain
- Fix uncollapse_new in pager
- fix garbage in chdir prompt due to unescaped string
- Fix inbox-first functionality when using mutt_pretty_mailbox
- add full neomutt version to log startup
- fix bug in uncolor for notmuch tag
- fix broken from_chars behaviour
* Coverity defects
- strfcpy
- add variable - function arg could be NULL/invalid
- add variable - failed function leads to invalid variable
- add variable - Context could become NULL
- add variable - alloc/strdup could return NULL
- add variable - route through code leads to invalid variable
- remove variable test
- test functions
- tidy switches
- unused variables
- refactor only
- check for buffer underruns
- fix leaks
- minor fixes
- bug: add missing break
- bug: don't pass large object by value
- fix: use correct buffer size
- shadow variables
- 0 -> NULL
* Docs
- many minor updates
- sync translations
- delete trailing whitespace
- indent the docbook manual
- use w3m as default for generating UTF8 manual.txt
* Website
- many minor updates
- fix broken links
- add to list of useful programs
- test automatic html checker
- remove trailing whitespace
- add irc description
- update issue labels (dev)
- new page: closed discussions
- new page: making neomutt (dev)
* Build
- drop obsolete m4 scripts
- don't look for lua libs unless asked for
- workaround slang warnings
- lower the gettext requirement 0.18 -> 0.17
- add keymap_alldefs.h to BUILT_SOURCES
- fix make dist distcheck
- Remove -Iimap from CFLAGS and include imap/imap.h explicitly
- mx: fix conditional builds
- Make iconv mandatory (no more --disable-iconv)
- refactor: Split out BUFFER-handling functions
* Tidy
- drop control characters from the source
- drop vim modelines
- delete trailing whitespace
- mark all local functions as static
- delete unused functions
- replace FOREVER with while (true)
- drop #if HAVE_CONFIG_H
- use #ifdef for potentially missing symbols
- remove #if 0 code blocks
- drop commented out source
- IMAP auth functions are stored by pointer cannot be static
- force OPS to be rebuilt after a reconfigure
- be specific about void functions
- expand a few more alloc macros
- add argument names to function prototypes
- drop local copy of regex code
- rearrange code to avoid forward declarations
- limit the scope of some functions
- give the compress functions a unique name
- use snake_case for function names
- add missing newlines to mutt_debug
- remove generated files from repo
- look for translations in all files
- fix arguments to printf-style functions
- license text
- unify include-guards
- tidy makefiles
- initialise pointers
- make strcmp-like functions clearer
- unify sizeof usage
- remove forward declarations
- remove ()s from return
- rename files hyphen to underscore
- remove unused macros
- use SEEK_SET, SEEK_CUR, SEEK_END
- remove constant code
- fix typos and grammar in the comments
- Switch to using an external gettext runtime
- apply clang-format to the source code
- boolify returns of 84 functions
- boolify lots of struct members
- boolify some function parameters
* Upstream
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configure.ac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix (un)sidebar_whitelist to expand paths
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configureac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Updated French translation
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Fix (un)sidebar_whitelist to expand paths
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- automatic post-release commit for mutt-181
- Added tag mutt-1-8-1-rel for changeset f44974c10990
- mutt-181 signed
- Add ifdefs around new mutt_resize_screen calls
- Add multiline and sigwinch handling to mutt_multi_choice
- Set pager's REDRAW_SIGWINCH when reflowing windows
- Add multiline and sigwinch handling to mutt_yesorno
- Change the sort prompt to use (s)ort style prompts
- Handle the pager sort prompt inside the pager
- Fix GPG_TTY to be added to envlist
- automatic post-release commit for mutt-182
|