SHA256
1
0
forked from pool/neomutt
neomutt/neomutt.changes
David Sterba fdb3084c2a Accepting request 623626 from home:kbabioch:branches:server:mail
* Lots of bug fixes and vulnerability fixes:
    - CVE-2018-14349: Fixed mishandling of NO response without message in
      imap/command.c (bnc#1101589)
    - CVE-2018-14350: Fixed stack-based buffer overflow for FETCH response with
      long INTERNALDATE field in imap/message.c (bnc#1101588)
    - CVE-2018-14351: Fixed mishandling of a long IMAP status mailbox literal
      count size in imap/command.c (bnc#1101583)
    - CVE-2018-14352: Fixed stack-based buffer overflow in imap_quote_string in
      imap/util.c (bnc#1101582)
    - CVE-2018-14353: Fixed integer underflow in imap_quote_string in
      imap/util.c (bnc#1101581)
    - CVE-2018-14354: Fixed arbitrary command execution via backquote
      characters, related to the mailboxes command associated with manual
      subscription or unsubscription (bnc#1101578)
    - CVE-2018-14355: Fixed directory traversal in mailbox name in imap/util.c
      (bnc#1101577)
    - CVE-2018-14356: Fixed mishandling of zero-length UID in pop.c
      (bnc#1101576)
    - CVE-2018-14357: Fixed arbitrary command execution via backquote
      characters, related to mailboxes command associated with automatic
      subscription (bnc#1101573)
    - CVE-2018-14358: Fixed stack-based buffer overflow for FETCH response with
      long RFC822.SIZE field (bnc#1101571)
    - CVE-2018-14359: Fixed buffer overflow via base64 data (bnc#1101570)
    - CVE-2018-14360: Fixed stack-based buffer overflow because of incorrect
      sscanf usage in nntp_add_group in newsrc.c (bnc#1101569)
    - CVE-2018-14361: Fixed an code flow issue in nntp.c, which would proceed
      even if memory allocation failed for messages data (bnc#1101568)
    - CVE-2018-14362: Fixed unsafe interaction with message-cache pathnames in
      pop.c (bnc#1101567)

OBS-URL: https://build.opensuse.org/request/show/623626
OBS-URL: https://build.opensuse.org/package/show/server:mail/neomutt?expand=0&rev=17
2018-07-18 11:39:09 +00:00

242 lines
9.0 KiB
Plaintext

-------------------------------------------------------------------
Tue Jul 17 09:26:21 UTC 2018 - kbabioch@suse.com
- Updated to 20180716
* Feature: <check-stats> function
* Lots of bug fixes and vulnerability fixes:
- CVE-2018-14349: Fixed mishandling of NO response without message in
imap/command.c (bnc#1101589)
- CVE-2018-14350: Fixed stack-based buffer overflow for FETCH response with
long INTERNALDATE field in imap/message.c (bnc#1101588)
- CVE-2018-14351: Fixed mishandling of a long IMAP status mailbox literal
count size in imap/command.c (bnc#1101583)
- CVE-2018-14352: Fixed stack-based buffer overflow in imap_quote_string in
imap/util.c (bnc#1101582)
- CVE-2018-14353: Fixed integer underflow in imap_quote_string in
imap/util.c (bnc#1101581)
- CVE-2018-14354: Fixed arbitrary command execution via backquote
characters, related to the mailboxes command associated with manual
subscription or unsubscription (bnc#1101578)
- CVE-2018-14355: Fixed directory traversal in mailbox name in imap/util.c
(bnc#1101577)
- CVE-2018-14356: Fixed mishandling of zero-length UID in pop.c
(bnc#1101576)
- CVE-2018-14357: Fixed arbitrary command execution via backquote
characters, related to mailboxes command associated with automatic
subscription (bnc#1101573)
- CVE-2018-14358: Fixed stack-based buffer overflow for FETCH response with
long RFC822.SIZE field (bnc#1101571)
- CVE-2018-14359: Fixed buffer overflow via base64 data (bnc#1101570)
- CVE-2018-14360: Fixed stack-based buffer overflow because of incorrect
sscanf usage in nntp_add_group in newsrc.c (bnc#1101569)
- CVE-2018-14361: Fixed an code flow issue in nntp.c, which would proceed
even if memory allocation failed for messages data (bnc#1101568)
- CVE-2018-14362: Fixed unsafe interaction with message-cache pathnames in
pop.c (bnc#1101567)
- CVE-2018-14363: Fixed unsafe interaction with cache pathnames (containing
'/') in newsrc.c (bnc#1101566)
-------------------------------------------------------------------
Mon Jun 25 00:00:00 CEST 2018 - dsterba@suse.cz
- spec: move license files to the main package
- update to 20180622
* Features
- Expand variables inside backticks
- Honour SASL-IR IMAP capability in SASL PLAIN
* Bug Fixes
- Fix toggle-read
- Do not truncate shell commands on ; or #
- pager: index must be rebuilt on MUTT_REOPENED
- Handle a BAD response in AUTH PLAIN w/o initial response
- fcc_attach: Don't ask every time
- Enlarge path buffers PATH_MAX (4096)
- Move LSUB call from connection establishment to mailbox SELECTion
* Translations
- Update Chinese (Simplified): 100%
- Update Czech: 100%
- Update German: 100%
- Update Lithuanian: 100%
- Update Portuguese (Brazil): 100%
- Update Slovak: 59%
- Reduce duplication of messages
* Code
- Tidy up the mailbox API
- Tidy up the header cache API
- Tidy up the encryption API
- Add doxygen docs for more functions
- Refactor more structs to use STAILQ
-------------------------------------------------------------------
Mon May 14 00:00:00 CEST 2018 - dsterba@suse.cz
- spec cleanup
- update to 20180512
* Features
- echo command
- Add $browser_abbreviate_mailboxes
- Add ~M pattern to match mime Content-Types
- Add support for multipart/multilingual emails
- Jump to a collapsed email
- Add support for idn2 (IDNA2008)
* Bug Fixes
- Let mutt_ch_choose report conversion failure
- minor IMAP string handling fixes
* Translations
- Chinese (Simplified) (100%)
- Czech (100%)
- German (100%)
- Lithuanian (62%)
- Portuguese (Brazil) (100%)
* Coverity defects
- match prototypes to their functions
- make logic clearer
- reduce scope of variables
- fix coverity defects
* Docs
- development: analysis
- development: easy tasks
- development: roadmap
* Code
- start refactoring libconn
- split out progress functions
- split out window functions
- split out terminal setting
- convert MyVars to use TAILQ
- split mutt_file_{lock,unlock}
- Move IDN version string to mutt/idna.c
- refactor: init_locale()
- Eliminate static variable in mutt_file_dirname
* Tidy
- test int functions against 0
- rename lots of constants
- rename lots of functions
- sort lots of fields/definitions
* Upstream
- Increase account.user/login size to 128
- Fix comparison of flags with multiple bits set
- Change mutt_error call in mutt_gpgme_set_sender() to dprint
- Improve the error message when a signature is missing
- pager specific "show incoming mailboxes list" macro
- Improve gss debug printing of status_string
- Remove trailing null count from gss_buffer_desc.length field
- Add a comment in auth_gss about RFCs and null-termination
- Change prompt string for $crypt_verify_sig
-------------------------------------------------------------------
Fri Mar 23 00:00:00 CET 2018 - dsterba@suse.cz
- update to 20180323
* Features
- unify logging/messaging
- add alert (blink) colors
* Contrib
- Vim syntax for NeoMutt log files
* Bug Fixes
- Fix progress bar range
- notmuch: stop if db open fails
- Improve index color cache flushing behavior
- lua: fix crash when setting a string
* Translations
- Update Czech translation (100%)
- Update German translation (100%)
- Update Polish translation (94%)
- Update Portuguese (BR) translation (100%)
- Update Spanish translation (64%)
- Update Turkish translation (75%)
- Merge simliar messages
* Docs
- Clarify precedence of settings in config files
- Fix subjectrx example in the manual
* Website
- Update Gentoo distro page
- Devel: Static analysis
* Build
- Support —with-sysroot configure arg
- Expose EXTRA_CFLAGS_FOR_BUILD and EXTRA_LDFLAGS_FOR_BUIlD
- Update to latest autosetup
- Make sure git_ver.h doesn't eat random 'g's out of tag names
* Code
- Refactor to reduce complexity
- Refactor to reduce variables' scope
- Sort functions/config to make docs more legible
-------------------------------------------------------------------
Wed Feb 28 00:00:00 CET 2018 - dsterba@suse.cz
- spec cleanup
- move manual.txt from neomutt-doc as it's bound to F1 key
-------------------------------------------------------------------
Fri Feb 23 00:00:00 CET 2018 - dsterba@suse.cz
- update to 20180223
* Features
- browser: `<goto-parent>` function bound to "p"
- editor: `<history-search>` function bound to "Ctrl-r"
- Cygwin support: https://www.neomutt.org/distro/cygwin
- OpenSUSE support: https://www.neomutt.org/distro/suse
- Upstream Homebrew support: Very soon - https://www.neomutt.org/distro/homebrew
* Bug Fixes
- gmail server-size search
- nested-if: correctly handle "<" and ">" with %?
- display of special chars
- lua: enable myvars
- for pgpewrap in default gpg.rc
- reply_regexp which wasn't formatted correctly.
- parsing of urls containing '?'
- out-of-bounds read in mutt_str_lws_len
* Translations
- Review fuzzy lt translations
- Updated French translation
* Website
- Installation guide for Cygwin
- Installation guide for OpenSUSE
- Installation guide for CRUX
* Build
- check that DTDs are installed
- autosetup improvements
- option for which version of bdb to use
- drop test for resizeterm -- it's always present
* Code
- split if's containing assignments
- doxygen: add/improve comments
- rename functions / parameters for consistency
- add missing {}s for clarity
- move functions to library
- reduce scope of variables
- boolify more variables
- iwyu: remove unnecessary headers
- name unicode chars
- tailq: migrate parameter api
- md5: refactor and tidy
- rfc2047: refactor and tidy
- buffer: improvements
- create unit test framework
- fix several coverity defects
* Upstream
- Fix s/mime certificate deletion bug
- Disable message security if the backend is not available
- Fix improper signed int conversion of IMAP uid and msn values
- Change imap literal counts to parse and store unsigned ints
- Fix imap status count range check
- cmd_handle_fatal: make error message a bit more descriptive
- Create pgp and s/mime default and sign_as key vars
- Add missing setup calls when resuming encrypted drafts
- mutt_pretty_size: show real number for small files
- examine_directory: set directory/symlink size to zero
- Add history-search function, bound to ctrl-r
- Avoid a potential integer overflow if a Content-Length value is huge
-------------------------------------------------------------------
Fri Dec 29 00:00:00 CET 2017 - dsterba@suse.cz
- update to 2017-12-15
- use autosetup instead of autotools
- regression fixes
-------------------------------------------------------------------
Tue Nov 28 00:00:00 CET 2017 - dsterba@suse.cz
- neomutt 2017-12-08