Subject: CVS commit: pkgsrc/mail/alpine
From: Benny Siegert
Date: 2020-11-23 17:36:03
Message id: 20201123163603.AE5E3FA9D@cvs.NetBSD.org

Log Message:
Update alpine to 2.24.

Alpine 2.23

  * Implementation of XOAUTH2 authentication support for Outlook. Based on
    documentation suggested by Andrew C Aitchison.
  * Add support for the OAUTHBEARER authentication method in Gmail. Thanks to
    Alexander Perlis for suggesting it and explaining how the method works.
  * Creation of Alpine's Privacy Policy. This is presented as a link to an
    online document from the Release Notes (Link at the top of this document.)
    Upon user request, Alpine downloads and displays this document. Links to
    the privacy policy are also displayed when a user starts Alpine for the
    first time, or when a user starts a new version of Alpine. There is no
    default exit greeting command for these screens, and to exit the user must
    press "E", instead of the old default, which was the RETURN \ 
command. The
    RETURN command will open the handle on which the cursor is on, which by
    default is the Privacy Policy.
  * Support for the SASL-IR IMAP extension that avoids a round trip during
    authentication. Similar support added for the SMTP, NNTP and POP3
    protocols. Thanks to Geoffrey Bodwin for a report that lead to this
    implementation.
  * Alpine can pass an HTML message to an external web browser, by using the
    "External" command in the ATTACHMENT INDEX screen.
  * New configuration variable external-command-loads-inline-images-oly that
    controls if Alpine will keep the source link to all the images in the HTML
    message, or will only pass a link to inline images included in the message.
    For your privacy and security this feature is enabled by default.
  * When reading an email and a user selects an email address to which to
    compose a message from the message, the user will be able to select a role
    to compose that message.
  * New variable system-certs-path that allows users to indicate the location
    of the directory where certificates are located. In PC-Alpine this must be
    C:\libressl\ssl\certs. The C: drive can be replaced by the name of the
    drive where the binary and DLL files are located.
  * New variable system-certs-file that allows users to configure the location
    of a container of certificate authority (CA) certificates to be used to
    validate certificates of remote servers.
  * Remove sleep of 5 seconds for mailcap programs that use the terminal to
    display content. Suggested by Carl Edquist. In addition, remove
    configurable process table command and its corresponding sleep time.

Bugs that have been addressed include:

  * Security Bug: Alpine can be configured to start a secure connection using
    /tls on an insecure connection. However, if the connection is PREAUTH,
    Alpine will not upgrade the connection to a secure connection, because a
    client must not issue a STARTTLS to a server that supports it in
    authenticated state.  This makes Alpine continue to use an insecure
    connection with the server, exposing user data. Reported by Damian
    Poddebniak and Fabian Ising from Muenster University of Applied Sciences.
  * Selecting by subject might not copy the subject of the current message to
    the selection text correctly. Reported by Iosif Fettich.
  * Alpine does not set the return path correctly when using a role while
    bouncing a message. Reported by Dr. C. Griewatsch.
  * Bug in PC-Alpine that made Alpine go into an infinite loop and consume CPU
    when it was iconized. Reported by Holger Schieferdecker in comp.mail.pine.
  * Crash in Alpine when attempting to reply to a multipart/alternative message
    that is malformed, and the option to include attachments in reply is
    enabled.  Reported and patched by Peter Tirsek.
  * Bug that makes Alpine split encoded words in the subject of a message in
    the middle of a utf-8 character into two encoded words, breaking the
    encoding.  Reported by Jean Chevalier.
  * Alpine would not redraw the screen when a check for new mail in an incoming
    folder failed due to a failure while validating the server certificate,
    and the user did not allow the connection to proceed.
  * Crash in Alpine while resizing the screen when using any of the tokens
    SUBJKEYTEXT, SUBJECTTEXT, or SUBJKEYINITTEXT in the index format, and the
    screen was resized. Reported by Iggy Mogo.
  * When Alpine is trying to authenticate to Gmail, using the XOAUTH2 method,
    it does not display the url the user needs to open, in order to authorize
    Alpine to access Gmail using XOAUTH2 when Alpine still has not created a
    screen. Reported by Baron Fujimoto.
  * When an html anchor does not quote the link in the href parameter, alpine
    does not link to it.
  * Attempt to fix a bug that breaks scrolling of a message in Alpine when the
    screen is resized. Reported in the Debian bug system at
    https://bugs.debian.org/cgi-bin/bugreport.cgie?bug=956361.

Alpine 2.24

  * Implementation of XOAUTH2 for Yahoo! Mail.
  * Expansion of the configuration screen for XOAUTH2 to include username,
    authorization flow, and tenant.
  * XOAUTH2: automatic renew of access token and connection to a server within
    60 seconds of expiration of the access token.
  * If a user has more than one client-id for a service, Alpine asks the user
    which client-id to use and associates that client-id to the credentials in
    the XOAUTH2 configuration screen.
  * Addition of Yandex.com to the list of services that Alpine can use XOAUTH2
    to authenticate for reading and sending email.
  * Addition of a link to the Apache License 2.0 (see above). This is available
    from the Release Notes as well as the welcome screen.
  * Modifications to protect the privacy of users:
      + Alpine does not generate Sender or X-X-Sender by default by enabling
        [X] Disable Sender as the default.
      + Alpine does not disclose User Agent by default by enabling [X] Suppress
        User Agent by default.
      + Alpine uses the domain in the From: header of a message to generate a
        message-id and suppresses all information about Alpine, version,
	revision, and time of generation of the message-id from this header.
	This information is replaced by a random string.
  * Unix Alpine displays configure options and flags when invoked as "alpine
    -v". Suggested by Matt Ackeret.
  * Alpine will ding the terminal bell when asking about quitting when new mail
    arrives. This is consistent with Alpine dinging the bell when new mail
    arrives.  The bell will not ding if it is disabled for status messages.
    Suggested by Chime Hart.
  * When messages are selected, pressing the ";" command to broaden or \ 
narrow a
    search, now offers the possibility to completely replace the search, and is
    almost equivalent to being a shortcut to "unselect all messages, and select
    again". The difference is that cancelling this command will not unselect
    all currently selected messages. Suggested by Holger Trapp.
  * Alpine will not write debug files unless started with the option -d, so for
    example "alpine -d 2" will generate a debug file at level 2, but just
    issuing the alpine command will not write any debug to a file.
  * Experimental: Attempt to implement the Encryption Range in Windows. It
    works in Windows 10, and it should work in Windows 8.1. It needs testing in
    Windows 7 and Windows Vista.
  * Addition of variables user-certs-path and user-certs-file which allow a
    user to specify locations for certificates that the user trusts.
  * Ignore non-empty initial challenge in the GSSAPI authenticator. Based on a
    patch written by Jarek Polok, but submitted by Ignacio Reguero.
  * When a server expires a refresh token, Alpine needs to cancel it
    internally. Alpine will attempt to get a new one when it reopens the folder
    after it cancels it.
  * Set up the IMAP ID at the moment of logging in to the server, rather than
    as a one time option, in case we need to use a special IMAP ID.

Bugs that have been addressed include:

  * When Alpine starts a PREAUTH connection, it might still ask the user to
    login. Reported by Frank Tobin.
  * Crash while resizing the screen when viewing a calendar event.
  * When Alpine opens a folder in a server whose address is given numerically
    it might crash due to an incorrect freeing of memory. Reported by Wang
    Kang.
  * Crash when Alpine frees memory on a system where LC_CTYPE is not
    configured, and the user calls the file browser to attach files to a
    message. Reported by Luis Gerardo Tejero.
  * Invalid signatures created by Alpine, when built with recent releases of
    the Openssl-1.1.1 series (but not in the Openssl-1.0.1 series). Fix
    contributed by Bernd Edlinger.
  * After returning from the directory side of a dual-folder, sometimes Alpine
    would return to the first folder in the parent directory or to the
    dual-folder.  The fix is to return to the original dual-folder as intended.
    Reported by Holger Trapp.
  * When an attachment is deleted and the original message is saved, Alpine
    might write only a part of the name of the file deleted. Reported by Holger
    Trapp.
  * URLs that are surrounded by white space are not cleaned by Alpine before
    passing them to the browser, resulting in no display of the URL when Alpine
    tries to open it. Reported by Gregory Heytings.
  * When Alpine is built without smime, password file functionality might fail.
    Reported by Andres Fehr.
  * Crash in PC-Alpine when using the eXternal command.
  * Fix in Macs that made Alpine abort a ssh connection to an imap server.
    Reported and assisted by Wang Kang.

Files:
RevisionActionfile
1.47modifypkgsrc/mail/alpine/Makefile
1.25modifypkgsrc/mail/alpine/distinfo
1.2modifypkgsrc/mail/alpine/patches/patch-imap_src_c-client_auth_gss.c