From 7fe712882b909931088a318c08041b0e7974a000 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 2 Nov 2013 02:51:18 -0600 Subject: * Update to version 2.19.1 * Upgrade UW-IMAP to Panda IMAP from https://github.com/jonabbey/panda-imap. * Replace tabs by spaces in From and Subject fields to control for size in screen of these fields. Change only in index screen display. --- imap/docs/RELNOTES | 159 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 142 insertions(+), 17 deletions(-) (limited to 'imap/docs/RELNOTES') diff --git a/imap/docs/RELNOTES b/imap/docs/RELNOTES index 5cfd9132..80e17967 100644 --- a/imap/docs/RELNOTES +++ b/imap/docs/RELNOTES @@ -1,29 +1,154 @@ /* ======================================================================== - * Copyright 1988-2008 University of Washington - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * + * Copyright 2012 Mark Crispin * ======================================================================== */ -Updated: 16 December 2008 -imap-2007e is a maintenance release, consisting primarily of bugfixes to -problems discovered in the release that affected a small number of users -plus a security fix for users of the RFC822BUFFER routines. +Updated: 21 February 2012 + +imap-2010 is Panda IMAP, forked from the University of Washington's +final imap-2007b. + +Update version and copyright information. + +New compare_string() routine which implements i;octet collation. + +compare_cstring() now collates "[", "\", "]", and "_" after alphabetics to +be consistent with how i;unicode-casemap is defined. + +i;unicode-casemap collation now uses compare_string() instead of +compare_cstring(). The case-mapping of compare_cstring() is unnecessary +because the strings have already been titlecased and decomposed via +U8T_CANONICAL conversion. The previous version of compare_cstring() +casemapped via conversion to lowercase, which violates of RFC 5051 for +characters "[", "\", "]", and "_". + +Fix tag parsing to avoid HTML/IMAP cross script vulnerability problem. Tags +are now syntax checked and the connection is closed after a bad command when +not logged in. + +Fix address sorting when the address list started with a group and the +message had not yet been parsed. Also, cc sorting did not handle +additional cc lines (as opposed to continuation lines) correctly. + +Fix server terminations when a status request signal is received while in +command input wait. + +Fix crash if SMTP server closes the session right before a QUIT is sent. + +Fix crash on some systems if IMAP server sends negative value for literal +size count. + +Mailbox compression ("burping") can now occur during IMAP IDLE. + +Fix root-compromise security bug in tmail, and user-compromise security bug +in dmail. + +Extend mailutil's -u flag to parse arguments in the context of the -u user +and disregard any restrictBox settings. + +Restrict SSL/TLS encryption algorithms to be PCI auditing compliant. + +Fix possible memory corruption problem in imapd. + +Fix longstanding problem in parsing lowercase FETCH attributes in IMAP after +a literal. + +Fix memory leak problem burping mix format mailboxes. + +Fix crash with -I switch in tmail caused by reference to uninitialized +variable. + +Fix reference to freed memory space in mix burping that led to attempts to +delete arbitrary file names. + +Fix crash when string output in RFC822 routines exactly matches the buffer +size. + +Fix crash in IMAP client on Windows in certain circumstances when IMAP +server disconnects while reading a response. + +Fix incorrect legacy INBOX file name creation on black box systems. + +Fix exploitable buffer overrun problem. + +Support QNX 6 + +Fix a problem that could cause mix mailbox corruption. +Rewrite imapd's signal handling (again) to fix corrupt in traditional UNIX +mailbox files. -Updated: 29 October 2008 +Recognize when the client is BlackBerry Internet Service, and allow mailbox +burping even when readonly. -imap-2007d is a maintenance release, consisting primarily of bugfixes to -problems discovered in the release that affected a small number of users -plus a security fix for users of tmail or dmail. +Fix a crash in the IMAP client code caused by non-compliant servers. +Fix problem in scandir code triggered by ZFS on Solaris. + +Fix quoted-printable handling in error case. + +OpenSSL 1.0.0 compatibility (OpenSSL has a STRING type) + +Fix Shift-JIS decoding. + +New oxs port for building under Mac OS X Snow Leopard. + +Fixes to build cleanly in new 64-bit gcc. + +Prevent crash if session closed unexpectedly during SSL I/O. + +Fix IMAP namespace handling. + +Detect corruption when message added with out of order UID. + +The c-client library is now thread-safe in the IPv6 version of the UNIX and +Windows builds. IPv4 and legacy (e.g., DOS, VMS) builds are NOT thread-safe. + +Fixed a memory leak that occurs each time a TCP connection is open. + +Fixed UTF-8 input validation; some valid UTF-8 sequences were rejected and +some invalid ones where accepted. + +Fix incorrect message message deletion in UID EXPUNGE. + +Fix crash in internal rfc822 parsing routines if external consumer calls +with a null defaulthost. + +Workaround to support iPhone/iPod Touch running iOS4. + +Fix buffer overflow in IMAP client code. + +Fix thread safety issues in MD5 authentication and subscription manager. + +Fix additional buffer overflows in IMAP client code. + +Fix memory name in IPv6 DNS lookup. + +Up to three bad commands permitted when not logged in to avoid problems with +clients that don't check capabilities. + +Fix off-by-one error in SASL-IR authentication. + +Fix memory leak when server sends invalid BODYSTRUCTURE data. + +Fix threading problem creating TCP socket. + +Fix loop caused by syntax errors from GMail IMAP server. + +Fix over-quota problem. + +/* + * Previous versions of this file were + * + * Copyright 1988-2008 University of Washington + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ Updated: 25 March 2008 -- cgit v1.2.3-70-g09d2