This is a SECURITY release, addressing a CRITICAL remote code execution
flaw in Exim version 4.82 (only) when built with DMARC support (an
experimental feature, not on by default). This release is identical to
4.82 except for the small change needed to plug the security hole. The
next release of Exim will, eventually, be 4.83, which will include the
many improvements we've made since 4.82, but which will require the
normal release candidate baking process before release.
You are not vulnerable unless you built Exim with EXPERIMENTAL_DMARC.
This issue is known by the CVE ID of CVE-2014-2957, and was reported
directly to the Exim development team by a company which uses Exim for
its mail server. An Exim developer constructed a small patch which
altered the way the contents of the From header is parsed by converting
it to use safer and better internal functions. It was applied and
tested on a production server for correctness. We were notified of the
vulnerability Friday night, created a patch on Saturday, applied and
tested it on Sunday, notified OS packagers on Monday/Tuesday, and are
releasing on the next available work day, which is Wednesday.
This is why we have made the smallest feasible changes to prevent
exploit: we want this change to be as safe as possible to expedite into
production (if the packages were built with DMARC).
|
|
* Didn't pass the portability check, noted by joerg@.
* Some PLIST problem.
No bump revision since the package was broken.
|
|
* Fixed Bug #20273: Incorrect handling of HTAB in encodeHeader() [alec]
* Fixed Bug #20226: Mail_mimePart::encodeHeader does not encode ISO-2022-JP
string [alec]
* Fixed Bug #20222: Broken Compatibility with PHP4 [alec]
|
|
== [release-2-0-3] 2.0.3: 2014-05-20
A bug fix release of 2.0.2
=== Package
==== Improvements
* Drop Ubuntu Quantal (12.10) support
* Drop Ubuntu Raring (13.04) support
* Add Ubuntu Trusty (14.04) support
* Drop Debian squeeze support
* rpm: Update Ruby1.9.3 package for CentOS6 to Ruby1.9.3-p545.
=== milter manager
==== Improvements
* Update bundled libev to 4.15
==== Fixes
* Fix a bug that data_stopper cannot stop apply children
[GitHub #39]
=== Ruby milter
==== Improvements
* Update bundled glib2 to 2.2.0
* Milter::Logger methods can accept a block
=== Document
==== Fixes
* Fix typos in FreeBSD installation
[Patched by Dave Dodd]
=== Thanks
* Dave Dodd
|
|
python3, since the default changed from python33 to python34.
I probably bumped too many. I hope I got them all.
|
|
Changes:
* Fix serious bug in DNS random code.
* Rename symbol HFILTER_HOSTNAME_NOPTR (@AlexeySa)
* Fix Hfilter for null text part (@AlexeySa)
* Fix rule MISSING_MIMEOLE for IPB forum (@AlexeySa)
* Tweak default RBL module config for brevity (@fatalbanana)
* Fix nameservers setup.
* Fix overrides for a metric. (#33)
* Fix memory leak in fuzzy_add command.
* Debianization (by @dottedmag).
* Rework resolver library.
* Rework LRU hash logic.
* Fix users in debian package (by @dottedmag).
* Rework bloom hash library to use XXHash.
* Remove judy and use glib hash tables from fuzzy_storage.
|
|
* Editheader extension: Made control characters allowed for editheader,
except NUL. Before, this would cause a runtime error.
+ Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to
match the new draft "duplicate" extension.
- Fixed sieve_result_global_log_error to log only as i_info in
administrator log (syslog) if executed from multiscript context.
- Sieve redirect extension: Adjusted loop detection to show leniency to
resent messages.
- Sieve include extension: Fixed problem with handling of duplicate
includes with different parameters :once or :optional.
- Sieve spamtest/virustest extensions: Tests were erroneously performed
against the original message. When used together with extprograms
filter to add the spam headers, the changes were not being used by
the spamtest and virustest extensions.
- Deprecated Sieve notify extension: Fixed segfault problems in message
string substitution.
- ManageSieve: Fixed active link verification to handle redundant path
slashes correctly.
- Sieve vacation extension:
- Fixed interaction of sieve_vacation_dont_check_recipient with
sieve_vacation_send_from_recipient setting.
- Fixed log message for discarded response.
- Sieve extprograms plugin:
- Forgot to disable the alarm() timeouts set for script execution.
- Fixed fd leak and handling of output shutdown.
- Fixed 'Bad filedescriptor' error occurring when disconnecting
script client.
- Made sure that programs are never forked with root privileges.
|
|
* Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS
handshake was started but wasn't finished, the login process
attempted to eventually forcibly disconnect the client, but failed
to do it correctly. This could have left the connections hanging
around for a long time. (Affected Dovecot v1.1+)
+ mdbox: Added mdbox_purge_preserve_alt setting to keep the file
within alt storage during purge. (Should become enforced in v2.3.0?)
+ fts: Added support for parsing attachments via Apache Tika. Enable
with: plugin { fts_tika = http://tikahost:9998/tika/ }
+ virtual plugin: Delay opening backend mailboxes until it's necessary.
This requires mailbox_list_index=yes to work. (Currently IMAP IDLE
command still causes all backend mailboxes to be opened.)
+ mail_never_cache_fields=* means now to disable all caching. This may
be a useful optimization as doveadm/dsync parameter for some admin
tasks which shouldn't really update the cache file.
+ IMAP: Return SPECIAL-USE flags always for LSUB command.
- pop3 server was still crashing in v2.2.12 with some settings
- maildir: Various fixes and improvements to handling compressed mails,
especially when they have broken/missing S=sizes in filenames.
- fts-lucene, fts-solr: Fixed crash on search when the index contained
duplicate entries.
- Many fixes and performance improvements to dsync and replication
- director was somewhat broken when there were exactly two directors
in the ring. It caused errors about "weak users" getting stuck.
- mail_attachment_dir: Attachments with the last base64-encoded line
longer than the rest weren't handled correctly.
- IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
- acl: Global ACL file handling was broken when multiple entries
matched the mailbox name. (Only the first entry was used.)
|
|
that performs DNSBL filtering.
|
|
No change except version number.
|
|
* 3.4.1 (stable)
* Fixed Bug #193: Lose mails when mailbox is inaccessible.
* 3.4.0 (stable)
* 3.4.0rc (release candidate)
* SSL wildcard certificate is also validated now (#167).
* The compile error with OpenSSL disabled was fixed.
* 3.4.0beta8 (development)
* Mac OS X support was improved.
* SSL certificate hostname is validated now (#167).
* The Japanese manual was modified so that IE correctly detects its
character encoding.
* The rightmost column of folder view and summary view became easier to
resize.
* Appropriate columns of folder view, summary view, etc. are
auto-expanded by window resize when using GTK+ 2.14 or later.
* The initial setup dialog is now resizable.
* PGP encrypt-to-self feature was added.
* The display period of notification window became configurable.
* 3.4.0beta7 (development)
* Win32: the tray icon is recreated when explorer.exe crashes now.
* The bug that 'File - Folder - Move folder...' menu didn't work was
fixed.
* The bug that MIME nest level restriction was not working was fixed.
* Many defects discovered by Coverity Scan were fixed:
- FILE handle resource leaks
- memory leaks
- possible buffer overrun
- strict error checks
- correct null pointer checks
* 3.4.0beta6 (development)
* Icon theme feature was added.
* HTML mail is distinguished from other messages with attachments now.
* 'Last 30 days' was added to the quick search menu.
* Attached images are rotated based on Exif orientation tag.
* Config.guess and config.sub included in the tarball were updated to the
latest version.
* 3.4.0beta5 (development)
* Basque translation was added.
* Escaped special characters in HTML links are now properly unescaped
(#120).
* IMAP: parsing of folder names that contain brackets was fixed.
* Config.guess and config.sub included in the tarball were updated.
* The order of templates became stable.
* 3.4.0beta4 (development)
* The feature to save message as plain text was added.
* Printing now prints all texts in messages, not only the first one.
* The HTML parser now supports <blockquote> tag.
* An option to prefer HTML part in multipart/alternative was added
(default: off).
* Compose window is raised when the external editor exits.
* Bugfixes of HTML display were made.
* 3.4.0beta3 (development)
* Rebuilding of folder tree which was broken at 3.4.0beta1 was fixed
(#103).
* The bug that double-quote (") and backslash (\) in
folder/username/password were not escaped and could not be used on IMAP4
was fixed.
* Quotation of forwarded messages is enabled for template now.
* When marking a message as junk and moving it to a junk folder, proper
junk folder is selected instead of default one.
* When applying a template for a new message, current date is inserted
with '%d'.
* 3.4.0beta2 (development)
* New message notification window was added.
* An option to the junk filter setting was added:
'Do not classify message as junk if sender is in the address book'.
* Some non-standard Date header patterns are handled now.
* Win32: start menu shortcuts are translated.
* 3.4.0beta1 (development)
* Safe mode (which does not load plug-ins) was added (--safe-mode).
* The existence of destination folders are checked when creating a filter
rule.
* The recursion level is restricted up to 64 when scanning local mailbox
(prevents infinite loop with symlink. Note: Linux automatically limits
the symlink loop up to 40)
* The labels used in POP3 remote mailbox dialog were modified.
* POP3: do not disconnect immediately but send QUIT command on normal
POP3 errors (prevents deleted messages appear again).
* IMAP: "INBOX" folder became case insensitive as specified in RFC 3501.
* IMAP: server name for cache directory is escaped now
(fixes cache creation when using IPv6 address for server name on Windows).
* Win32: socket timeout setting now works on Windows.
|
|
Bugfixes (fixed in Postfix 2.11 and Postfix 2.12):
* With connection caching enabled (the default), recipients could
be given to the wrong mail server. The root cause was an incorrect
predicate. Due to this, the Postfix SMTP client could under
rare conditions save and restore plaintext connections that
should not be cached, under a fixed lookup key that did not
distinguish by destination. Problem reported by Sahil Tandon.
* Enforce TLS when TLSA records exist, but all are unusable.
* Don't leak memory when TLSA records exist, but all are unusable.
Workarounds:
* Prepend "-I. -I../../include" to the compiler command-line
options, to avoid name clashes with non-Postfix header files.
Documentation cleanup:
* Corrected postconf(1) manpage for missing version attribution
and incorrect "author" formatting.
* The documentation for Postfix > 2.8 TLS activity logging was
incorrect. Loglevel 0 produces no logging. Instead, information
is logged only with loglevel 1 or higher.
Logging cleanup:
* The TLS client logged that an "Untrusted" TLS connection was
established instead of "Anonymous".
* For consistency, TLS policy lookup errors are now logged as
warnings.
|
|
adding -lresolv to prevent linker unresolved symbols in site.config.m4
for SunOS as well.
|
|
until proven otherwise.
|
|
Fix PLIST* (remove duplicated entries etc.)
|
|
The following security problems were fixed in this release:
- MFSA 2014-46 Use-after-free in nsHostResolve
- MFSA 2014-44 Use-after-free in imgLoader while resizing images
- MFSA 2014-43 Cross-site scripting (XSS) using history navigations
- MFSA 2014-42 Privilege escalation through Web Notification API
- MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-37 Out of bounds read while decoding JPG images
- MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service
Installer
- MFSA 2014-34 Miscellaneous memory safety hazards
|
|
Fix PR pkg/48777
|
|
<Differences between Mew 6.6 and Mew 6.5>
* Better image supports.
* The body encoded with Base64/Quoted-Printable is decoded.
* Catching up to the latest GnuPG.
* Support of ISO-2022-JP-3 was removed in favor of UTF-8.
* The speed to move the cursor in Summary mode got much faster.
* Supporting stunnel 5.
|
|
This is a major release. It introduces over two years of bug fixes and
features since the release of SpamAssassin 3.3.2 on June 16, 2011.
3.4.0 includes the Bayes Redis (http://redis.io/) back-end (bug 6879),
EDNS0 changes (bug 6910), native IPv6 support, numerous URIBL.pm changes
or features and a small API change in libspamc (bug 6562) with many other
subtle changes.
|
|
* Support for hierarchical mailboxes in Patterns.
* Full support for IMAP pipelining (streaming, parallelization)
added. This is considerably faster especially with high-latency
networks.
* Faster and hopefully more reliable support for IMAP servers without
the UIDPLUS extension (e.g., M$ Exchange).
* More automatic handling of SSL certificates.
* IPv6 support.
* IMAP password query can be scripted.
* Message arrival dates can be propagated.
* Data safety in case of system crashes was improved.
* MaxMessages was made vastly more useful.
|
|
OfflineIMAP v6.5.5 (2013-10-07)
===============================
* Avoid lockups for IMAP synchronizations running with the
"-1" command-line switch (X-Ryl669 <boite.pour.spam@gmail.com>)
* Dump stacktrace for all threads on SIGQUIT: ease debugging
of threading and other issues
* SIGHUP is now handled as the termination notification rather than
the signal to reread the configuration (Dmitrijs Ledkovs)
* Honor the timezone of emails (Tobias Thierer)
* Allow mbnames output to be sorted by a custom sort key by specifying
a 'sort_keyfunc' function in the [mbnames] section of the config.
* Support SASL PLAIN authentication method. (Andreas Mack)
* Support transport-only tunnels that require full IMAP authentication.
(Steve Purcell)
* Make the list of authentication mechanisms to be configurable.
(Andreas Mack)
* Allow to set message access and modification timestamps based
on the "Date" header of the message itself. (Cyril Russo)
* "peritem" format string for [mbnames] got new expansion key
"localfolders" that corresponds to the same parameter of the
local repository for the account being processed.
* [regression] pass folder names to the foldersort function,
revert the documented behaviour
* Fix handling of zero-sized IMAP data items (GitHub#15).
* Updated bundled imaplib2 to 2.35:
- fix for Gmail sending a BYE response after reading >100 messages
in a session;
- includes fix for GitHub#15: patch was accepted upstream.
* Updated bundled imaplib2 to 2.36: it includes support for SSL
version override that was integrated into our code before,
no other changes.
* Fixed parsing of quoted strings in IMAP responses: strings like "\\"
were treated as having \" as the escaped quote, rather than treating
it as the quoted escaped backslash (GitHub#53).
* Execute pre/post-sync hooks during synchronizations
toggled by IMAP IDLE message processing. (maxgerer@gmail.com)
* Catch unsuccessful local mail uploads when IMAP server
responds with "NO" status; that resulted in a loss of such
local messages. (Adam Spiers)
* Don't create folders if readonly is enabled.
* Learn to deal with readonly folders to properly detect this
condition and act accordingly. One example is Gmail's "Chats"
folder that is read-only, but contains logs of the quick chats. (E.
Ryabinkin)
* Fix str.format() calls for Python 2.6 (D. Logie)
* Remove APPENDUID hack, previously introduced to fix Gmail, no longer
necessary, it might have been breaking things. (J. Wiegley)
* Improve regex that could lead to 'NoneType' object has no attribute
'group' (D. Franke)
* Improved error throwing on repository misconfiguration
OfflineIMAP v6.5.4 (2012-06-02)
===============================
* bump bundled imaplib2 library 2.29 --> 2.33
* Actually perform the SSL fingerprint check (reported by J. Cook)
* Curses UI, don't use colors after we shut down curses already (C.Höger)
* Document that '%' needs encoding as '%%' in configuration files.
* Fix crash when IMAP.quickchanged() led to an Error (reported by sharat87)
* Implement the createfolders setting to disable folder propagation (see docs)
OfflineIMAP v6.5.3.1 (2012-04-03)
=================================
* Don't fail if no dry-run setting exists in offlineimap.conf
(introduced in 6.5.3)
OfflineIMAP v6.5.3 (2012-04-02)
===============================
* --dry-run mode protects us from performing any actual action. It will
not precisely give the exact information what will happen. If e.g. it
would need to create a folder, it merely outputs "Would create folder
X", but not how many and which mails it would transfer.
* internal code changes to prepare for Python3
* Improve user documentation of nametrans/folderfilter
* Fixed some cases where invalid nametrans rules were not caught and
we would not propagate local folders to the remote repository.
(now tested in test03)
* Revert "* Slight performance enhancement uploading mails to an IMAP
server in the common case." It might have led to instabilities.
* Revamped documentation structure. `make` in the `docs` dir or `make
doc` in the root dir will now create the 1) man page and 2) the user
documentation using sphinx (requiring python-doctools, and
sphinx). The resulting user docs are in `docs/html`. You can also
only create the man pages with `make man` in the `docs` dir.
* -f command line option only works on the untranslated remote
repository folder names now. Previously folderfilters had to match
both the local AND remote name which caused unwanted behavior in
combination with nametrans rules. Clarify in the help text.
* Some better output when using nonsensical configuration settings
* Improve compatibility of the curses UI with python 2.6
pkgsrc changes:
* Add "strongly recommended" dependency on py-sqlite3.
* Remove seemingly outdated MESSAGE.
|
|
2014/04/21 (2.6.19)
* Security Fixes:
Bug ID Summary
------ ------------------------------------------------------------
35388 commentized subjects allow PHP code injection
------ ------------------------------------------------------------
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
32987 Lots of deprecation warnings with Perl 5.12
42155 MHonArc crashed with message/external-body and RFC 2231
encoded parameters
------ ------------------------------------------------------------
|
|
revision 1.584
date: 2014/02/05 00:40:59; author: gilles; state: Exp; lines: +77 -50
Debug. Print separator given by NAMESPACE even when --sep1 or --sep2 is used.
Debug. Prints prefix given by NAMESPACE even when --prefix1 or --prefix2 is used.
(Preparation for advising not to use --prefix unless suggested)
----------------------------
revision 1.583
date: 2014/02/04 03:04:35; author: gilles; state: Exp; lines: +15 -11
Bug fix. --ssl1 --tls2 was buggy because of default SSL_VERIFY_PEER. "Can not go to tls encryption on [localhost]:Unable to start TLS: Cannot determine peer hostname for verificationerror:00000000:lib(0):func(0):reason(0)"
----------------------------
revision 1.582
date: 2014/01/24 01:43:19; author: gilles; state: Exp; lines: +20 -12
Bugfix. Check if going to tls is ok, exit otherwise with explicit error message.
Thanks to Dennis Schridde for reporting this ugly bug.
----------------------------
revision 1.581
date: 2014/01/15 02:42:06; author: gilles; state: Exp; lines: +41 -15
Added --debugmaxlinelength
Added --minmaxlinelength to select messages with long lines only.
----------------------------
revision 1.580
date: 2013/12/25 02:52:36; author: gilles; state: Exp; lines: +51 -27
Added --skipcrossduplicates to avoid copying messages that are already copied in another folder.
Added --debugcrossduplicates to print which messages (UIDs) are skipped with --skipcrossduplicates (and in what other folders they are).
----------------------------
revision 1.579
date: 2013/12/18 13:53:19; author: gilles; state: Exp; lines: +9 -8
--maxmessagespersecond, value can be float like 3.2
----------------------------
revision 1.578
date: 2013/12/17 02:14:09; author: gilles; state: Exp; lines: +73 -9
Added --maxbytespersecond to limit byte transfer rate.
Added --maxmessagespersecond to limit messages transfer rate (office365 throttle limitation).
----------------------------
revision 1.577
date: 2013/12/05 05:57:51; author: gilles; state: Exp; lines: +28 -10
Added tests to play with win32 \\?\C:\TEMP syntax and try to solve long path bug.
----------------------------
revision 1.576
date: 2013/11/19 14:37:24; author: gilles; state: Exp; lines: +19 -14
Added --debugmemory option that prints memory consumption after each message is copied.
----------------------------
revision 1.575
date: 2013/11/06 13:55:38; author: gilles; state: Exp; lines: +12 -7
Do not append message if the fetch failed.
----------------------------
revision 1.574
date: 2013/10/28 16:22:04; author: gilles; state: Exp; lines: +16 -8
Added --create_folder_old in case users want the old behavior of create_folder().
----------------------------
revision 1.573
date: 2013/10/28 14:44:10; author: gilles; state: Exp; lines: +48 -7
Bugfix. Applied patch for create_folder() and nested folders. Thanks to Erik Torsner.
----------------------------
revision 1.572
date: 2013/10/27 02:04:01; author: gilles; state: Exp; lines: +13 -8
Bug fix. Final statistics were avoided for newly created folders.
----------------------------
revision 1.571
date: 2013/10/25 14:34:27; author: gilles; state: Exp; lines: +58 -20
Added --folderfirst <string> : Sync this folder first. --folderfirst "Work"
Added --folderlast <string> : Sync this folder last. --folderlast "[Gmail]/All Mail"
--folderlast <string> : then this one, etc.
----------------------------
revision 1.570
date: 2013/10/25 12:52:02; author: gilles; state: Exp; lines: +7 -7
--delete2foldersonly Junk example.
----------------------------
revision 1.569
date: 2013/10/16 21:58:17; author: gilles; state: Exp; lines: +125 -39
Fixed bug on Windows with --tmpdir "E:\TEMP". The colon was badly converted to _, ending with "E_\TEMP".
The fix also automatically moves the old cache to the new one if the new does not exist yet.
Fix. Example for --delete2foldersonly "/Junk$/" in help message.
----------------------------
revision 1.568
date: 2013/09/28 02:43:51; author: gilles; state: Exp; lines: +25 -13
Bug fix. On Win32 trailing blank in cache dir name raised an error. Blank now moves to underscore _.
----------------------------
revision 1.567
date: 2013/09/18 20:38:10; author: gilles; state: Exp; lines: +8 -7
Fixed a warning when RFC822.SIZE is null or undef.
----------------------------
revision 1.566
date: 2013/09/13 13:23:41; author: gilles; state: Exp; lines: +11 -12
Added --authmech EXTERNAL. Not tested yet.
----------------------------
revision 1.565
date: 2013/09/13 01:16:20; author: gilles; state: Exp; lines: +8 -6
Fusemail success.
RackSpace success.
|
|
|
(reported by Thomas Lazar), so instead express our local changes
with SUBST_SED at do-configure. Update to the latest TLS/SASL patch.
Bump PKGREVISION.
|
|
- fix --idle checking Python version incorrectly, resulting in
incorrect warning about running with Python < 2.5. Thanks: "Voytek",
Krzysztof Warzecha.
- add missing support for SSL certificate checking in POP3 which
broke POP retrieval in v4.45.0. Requires Python 2.6 or newer.
Thanks: "mancha".
|
|
Feature request #44: Allow override of the From: field on forensic
reports.
Feature request #45: Log the host portion of ignored
Authentication-Results fields at "debug" level.
Feature request #56: Add "RequiredHeaders" setting to enforce syntax
checks against a message and reject those that don't comply.
Feature request #65: Add "ForensicReportsBcc".
Fix bug #46: Charitable tweak to a couple of log messages.
Fix bug #55: The "SoftwareHeader" setting wasn't being set properly.
Fix bug #58: The "smtp.mailfrom" part of an Authentication-Results
field might contain only a domain name.
Fix bug #60: Default AuthservID to the name provided by the MTA,
not the local host name, which is consistent with what
OpenDKIM does.
Merge request #2: Validate external recipients before adding them to
report recipient lists.
Record all DKIM results to the history file, rather than only
passing results.
BUILD: Fix bug #50: Check libbsd for strlcat() and strlcpy() so we
don't make our own when we don't need to.
CONTRIB: Fix bug #52: Update path to draft RFC in contrib/spec.
CONTRIB: Fix bug #59: Allow database name, userid and password to be
specified on the command line rather than hard-coding them.
DOCS: Fix bug #48: Add a libopendmarc use overview page.
DOCS: Fix bug #53: Add man page for opendmarc-importstats.
REPORTS: Fix bug #51: Check status after every phase of SMTP when
sending reports.
REPORTS: Fix DKIM status importing.
LIBOPENDMARC: Fix bug #68: Fix strict/relaxed checking logic when
a public suffix list is available.
LIBOPENDMARC: Fixed a bug where in some instances the fetch of the
organizational domain could wrongly return the from domain.
LIBOPENDMARC: Fix call to missing function.
|
|
- exim-lookup-redis: allow querying redis from within the exim
config, needs hiredis
- opendmarc: enables DMARC support
Both are disabled by default.
|