Path to this page:
./
mail/alpine,
Program for Internet News and E-mail
Branch: pkgsrc-2021Q3,
Version: 2.25,
Package name: alpine-2.25,
Maintainer: pkgsrc-usersAlpine is the replacement for the Pine email and news client.
Alpine is a screen-oriented message-handling tool. In its default
configuration, Alpine offers an intentionally limited set of
functions geared toward the novice user, but it also has a large
list of optional "power-user" and personal-preference features.
This package currently only installs the alpine binary, excluding
the pilot and pico binaries which would cause it to conflict with
the pine package.
Master sites:
Version history: (Expand)
- (2021-10-17) Updated to version: alpine-2.25
- (2021-09-28) Package added to pkgsrc.se, version alpine-2.24 (created)
CVS history: (Expand)
2021-10-17 18:41:33 by Thomas Merkel | Files touched by this commit (3) |
Log message:
Pullup ticket #6521 - requested by nia
mail/alpine: security fix
Revisions pulled up:
- mail/alpine/Makefile 1.48
- mail/alpine/distinfo 1.27
- mail/alpine/patches/patch-imap_src_mtest_mtest.c deleted
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Oct 17 09:49:10 UTC 2021
Modified Files:
pkgsrc/mail/alpine: Makefile distinfo
Removed Files:
pkgsrc/mail/alpine/patches: patch-imap_src_mtest_mtest.c
Log message:
alpine: Update to 2.25.
pkgsrc changes and notes:
- According to the release notes, this fixes CVE-2021-38370 by
Damian Poddebniak.
- I have added the maildir patch, as FreeBSD does, because it seems
useful.
- I have removed the non-trivial patch for OpenBSD, because going by
OpenBSD's ports repository it's no longer necessary at all.
Version 2.25 includes several new features and bug fixes.
Additions include:
* Unix Alpine: New configuration variable ssl-ciphers that allows users
to list the ciphers to use when connecting to a SSL server. Based on a
collaboration with Professor Martin Trusler.
* New hidden feature enable-delete-before-writing to add support for
terminals that need lines to be deleted before being written. Based on
a collaboration with Professor Martin Trusler.
* Experimental: The instruction to remove the double quotes from the
processing of customized headers existed in pine, but it was removed
in alpine. Restoring old Alpine behavior. See this
* Add the capability to record http debug. This is necessary to debug
XOAUTH2 authentication, and records sensitive login information. Do
not share your debug file if you use this form of debug.
* Remove the ability to choose between the device and authorize methods
to login to outlook, since the original client-id can only be used for
the device method. One needs a special client-id and client-secret to
use the authorize method in Outlook.
* PC-Alpine only: Some service providers produce access tokens that are
too long to save in the Windows Credentials, so the access tokens will
be split and saved as several pieces. This means that old versions of
Alpine will NOT be able to use saved passwords once this new version
of Alpine is used.
* PC-Alpine: Debug files used to be created with extension .txt1, .txt2,
etc. Rename those files so that they have extension .txt.
* Always follow **suppress-asterisks-in-password-prompt** setting in
the various password prompts. Submitted by tienne Deparis.
* Use 'alpine -F' instead of 'pine -F' as the browser default pager.
Submitted by tienne Deparis.
* Introduction of OTHER CMDS menu for the browser/pilot to let people
discover the two new commands: "1" is a toggle that switches \
between 1
column and multicolumn mode. The "." command toggles between \
hiding or
showing hidden files, and the "G" command to travel between
directories. Contributed by tienne Deparis.
* Add option -xoauth2-flow to the command line, so that users can
specify the parameters to set up an xoauth2 connection through the
command line.
* Alpine deletes, from its internal memory and external cache, passwords
that do not work, even if they were saved by the user.
* New format for saving passwords in the windows credential manager for
PC-Alpine. Upon starting this new version of Alpine the passwords
saved in the credential manager are converted to the new format and
they will not be recognized by old versions of Alpine, but only by
this and newer versions of Alpine.
* Enabled encryption protocols in PC-Alpine are based on those enabled
in the system, unless one is specified directly.
Bugs that have been addressed include:
* The c-client library parses information from an IMAP server during
non-authenticated state which could lead to denial of service.
Reported by Damian Poddebniak from Mnster University of Applied
Sciences.
* Memory corruption when alpine searches for a string that is an
incomplete utf8 string in a local folder. This could happen by
chopping a string to make it fit a buffer without regard to its
content. We fix the string so that chopping it does not damage it.
Reported by Andrew.
* Crash in the ntlm authenticator when the user name does not include a
domain. Reported and fixed by Anders Skargren.
* When forwarding a message, replacing an attachment might make Alpine
re-attach the original attachment. Reported by Michael Traxler.
* When an attachment is deleted, the saved message with the deleted
attachment contains extra null characters after the end of the
attachment boundary.
* Tcp and http debug information is not printed unless the default debug
level is set to 1. Print this if requested, regardless of what the
default debug level is.
* When trying to select a folder for saving a message, one can only
enter a subfolder by pressing the ">" command, rather \
than the normal
navigation by pressing "Return". Reported by Ulf-Dietrich \
Braunmann.
* Crash when attempting to remove a configuration for a XOAUTH2 server
that has no usernames configured.
* Crash caused by saving (and resaving) XOAUTH2 refresh and access
tokens in PC-Alpine. Reported by Karl Lindauer.
|