--- - branch: pkgsrc-2021Q3 date: Sun Oct 17 16:41:33 UTC 2021 files: - new: 1.47.8.1 old: '1.47' path: pkgsrc/mail/alpine/Makefile pathrev: pkgsrc/mail/alpine/Makefile@1.47.8.1 type: modified - new: 1.25.8.1 old: '1.25' path: pkgsrc/mail/alpine/distinfo pathrev: pkgsrc/mail/alpine/distinfo@1.25.8.1 type: modified - new: '0' old: '1.3' path: pkgsrc/mail/alpine/patches/patch-imap_src_mtest_mtest.c pathrev: pkgsrc/mail/alpine/patches/patch-imap_src_mtest_mtest.c@0 type: deleted id: 20211017T164133Z.077ed208415fd52c1f19ef8bab8d47519d6e5a62 log: "Pullup ticket #6521 - requested by nia\nmail/alpine: security fix\n\nRevisions pulled up:\n- mail/alpine/Makefile 1.48\n- mail/alpine/distinfo 1.27\n- mail/alpine/patches/patch-imap_src_mtest_mtest.c \ deleted\n\n---\n Module Name:\tpkgsrc\n Committed By:\tnia\n \ Date:\t\tSun Oct 17 09:49:10 UTC 2021\n\n Modified Files:\n \tpkgsrc/mail/alpine: Makefile distinfo\n Removed Files:\n \tpkgsrc/mail/alpine/patches: patch-imap_src_mtest_mtest.c\n\n \ Log Message:\n alpine: Update to 2.25.\n\n pkgsrc changes and notes:\n\n \ - According to the release notes, this fixes CVE-2021-38370 by\n Damian Poddebniak.\n - I have added the maildir patch, as FreeBSD does, because it seems\n useful.\n - I have removed the non-trivial patch for OpenBSD, because going by\n OpenBSD's ports repository it's no longer necessary at all.\n\n \ Version 2.25 includes several new features and bug fixes.\n\n Additions include:\n * Unix Alpine: New configuration variable ssl-ciphers that allows users\n to list the ciphers to use when connecting to a SSL server. Based on a\n collaboration with Professor Martin Trusler.\n * New hidden feature enable-delete-before-writing to add support for\n terminals that need lines to be deleted before being written. Based on\n a collaboration with Professor Martin Trusler.\n * Experimental: The instruction to remove the double quotes from the\n processing of customized headers existed in pine, but it was removed\n in alpine. Restoring old Alpine behavior. See this\n * Add the capability to record http debug. This is necessary to debug\n XOAUTH2 authentication, and records sensitive login information. Do\n not share your debug file if you use this form of debug.\n * Remove the ability to choose between the device and authorize methods\n to login to outlook, since the original client-id can only be used for\n the device method. One needs a special client-id and client-secret to\n use the authorize method in Outlook.\n * PC-Alpine only: Some service providers produce access tokens that are\n too long to save in the Windows Credentials, so the access tokens will\n be split and saved as several pieces. This means that old versions of\n Alpine will NOT be able to use saved passwords once this new version\n of Alpine is used.\n * PC-Alpine: Debug files used to be created with extension .txt1, .txt2,\n etc. Rename those files so that they have extension .txt.\n * Always follow **suppress-asterisks-in-password-prompt** setting in\n the various password prompts. Submitted by tienne Deparis.\n \ * Use 'alpine -F' instead of 'pine -F' as the browser default pager.\n \ Submitted by tienne Deparis.\n * Introduction of OTHER CMDS menu for the browser/pilot to let people\n discover the two new commands: \"1\" is a toggle that switches between 1\n column and multicolumn mode. The \".\" command toggles between hiding or\n showing hidden files, and the \"G\" command to travel between\n directories. Contributed by tienne Deparis.\n * Add option -xoauth2-flow to the command line, so that users can\n specify the parameters to set up an xoauth2 connection through the\n command line.\n * Alpine deletes, from its internal memory and external cache, passwords\n that do not work, even if they were saved by the user.\n * New format for saving passwords in the windows credential manager for\n PC-Alpine. Upon starting this new version of Alpine the passwords\n saved in the credential manager are converted to the new format and\n they will not be recognized by old versions of Alpine, but only by\n this and newer versions of Alpine.\n * Enabled encryption protocols in PC-Alpine are based on those enabled\n in the system, unless one is specified directly.\n\n Bugs that have been addressed include:\n * The c-client library parses information from an IMAP server during\n non-authenticated state which could lead to denial of service.\n Reported by Damian Poddebniak from Mnster University of Applied\n Sciences.\n * Memory corruption when alpine searches for a string that is an\n incomplete utf8 string in a local folder. This could happen by\n chopping a string to make it fit a buffer without regard to its\n content. We fix the string so that chopping it does not damage it.\n Reported by Andrew.\n * Crash in the ntlm authenticator when the user name does not include a\n domain. Reported and fixed by Anders Skargren.\n * When forwarding a message, replacing an attachment might make Alpine\n re-attach the original attachment. Reported by Michael Traxler.\n * When an attachment is deleted, the saved message with the deleted\n attachment contains extra null characters after the end of the\n attachment boundary.\n * Tcp and http debug information is not printed unless the default debug\n level is set to 1. Print this if requested, regardless of what the\n default debug level is.\n * When trying to select a folder for saving a message, one can only\n \ enter a subfolder by pressing the \">\" command, rather than the normal\n \ navigation by pressing \"Return\". Reported by Ulf-Dietrich Braunmann.\n \ * Crash when attempting to remove a configuration for a XOAUTH2 server\n \ that has no usernames configured.\n * Crash caused by saving (and resaving) XOAUTH2 refresh and access\n tokens in PC-Alpine. Reported by Karl Lindauer.\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2021Q3] pkgsrc/mail/alpine' unixtime: '1634488893' user: tm