File: NEWS

package info (click to toggle)
mpop 1.0.27-1
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 1,824 kB
  • sloc: ansic: 11,729; sh: 4,590; python: 121; makefile: 72; sed: 16
file content (285 lines) | stat: -rw-r--r-- 11,004 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
Version 1.0.27:
- No significant changes.

Version 1.0.26:
- No significant changes.

Version 1.0.25:
- DIGEST-MD5 authentication is not considered secure any longer. See RFC 6331.

Version 1.0.24:
- The build system was updated, and as a consequence some options to the
  configure script have changed. See './configure --help'.
- The license of the manual was changed from the GNU FDL to a very simple
  permissive license.
- Unmaintained translations (es, pt_BR) were removed.

Version 1.0.23:
- No significant changes.

Version 1.0.22:
- A new command 'received_header' with a corresponding '--received-header'
  option allows to disable the default Received header if required.
- A new command 'passwordeval' with a corresponding '--passwordeval' option
  allows to set the password to the output of a command.

Version 1.0.21:
- No significant changes.

Version 1.0.20:
- Added support for authentication mechanism SCRAM-SHA-1 via GNU SASL.
- The new command tls_fingerprint allows one to trust one particular TLS
  certificate, in case tls_trust_file cannot be used for some reason.
- The new script mpop-gnome-tool.py manages Gnome Keyring passwords for mpop.

Version 1.0.19:
- When using OpenSSL, mpop now correctly handles NUL characters in the Common
  Name and Subject Alternative Name fields of certificates. This fixes a 
  security problem. Note that mpop is not affected by this problem if GnuTLS is
  used.
- Mpop can now handle mail boxes larger than 2 GiB on 32bit systems. Previously,
  this only worked on 64bit systems.

Version 1.0.18:
- Delivery to MS Exchange pickup directories is now supported, thanks to Julien
  Larigaldie.

Version 1.0.17:
- No significant changes.

Version 1.0.16:
- Mpop now also reads SYSCONFDIR/netrc if the password was not found in
  ~/.netrc.
- Support for the GNOME keyring was added by Satoru SATOH.

Version 1.0.15:
- This version fixes two bad bugs that prevented mpop from correctly retrieving
  mails under certain cicumstances.

Version 1.0.14:
- The configuration command tls_crl_file was added. This allows to use 
  certificate revocation lists (CRLs) during certificate verification.
- The configuration command tls_min_dh_prime_bits was added. This is needed to
  use TLS/SSL with servers that use a small Diffie-Hellman (DH) prime size.
- The configuration command tls_priorities was added. This allows to fine tune 
  TLS/SSL session parameters.

Version 1.0.13: 
- Support for the Mac OS X keychain was added by Jay Soffian.

Version 1.0.12:
- No significant changes.

Version 1.0.11:
- The license was updated to GPLv3 or later (source code) and GFDLv1.2 or later
  (documentation).
- Bug fixes and improvements for large POP3 mail boxes with thousands of mails 
  were made.

Version 1.0.10:
- A bug in the UID handling code was fixed. The bug was introduced in version
  1.0.7. As a consequence, if you update from version 1.0.7-1.0.9, the first 
  invocation of this new mpop version will download all mails from the server, 
  even mails that were retrieved before.

Version 1.0.9: 
- Security fix:
  - APOP authentication is vulnerable to man-in-the-middle attacks. See 
    CVE-2007-1558. Such attacks might lead to password disclosure.
    Therefore, mpop does not use APOP automatically without TLS anymore.
    Additionally, mpop's checks on the APOP challenge were too lax in previous
    versions, making attacks easier than necessary. This has been fixed.
- Security improvements:
  - NTLM authentication is considered insecure because it is undocumented. It 
    is therefore not used automatically without TLS anymore.
  - TLS requires tls_trust_file or a disabled tls_certcheck now, so that it is 
    not silently vulnerable to man-in-the-middle attacks.

Version 1.0.8:
- Improved workarounds for POP3 servers that are not exactly RFC conformant.
  For example, pipelining is now enabled automatically for pop.gmail.com and
  some other servers.

Version 1.0.7:
- Mpop now works with the Comcast.net POP3 server, thanks to a patch by 
  Benji Fisher.

Version 1.0.6:
- The default setting for pipelining is now "auto". "on" and "off" now have a 
  slightly different meaning: they force pipelining on or off regardless of 
  server capabilities.
  If you use pipelining=on and your POP3 sessions hang, switch to 
  pipelining=auto.

Version 1.0.5:
- No significant changes.

Version 1.0.4:
- No significant changes.

Version 1.0.3:
- A spanish translation was added by Carlos Martín Nieto. Thanks a lot!
- GNU SASL support works again (it was broken in 1.0.2).

Version 1.0.2:
- The configuration command tls_force_sslv3 was added. This is needed to use
  TLS/SSL with some old and broken servers.

Version 1.0.1:
- The default UIDLS file changed from "~/.mpop_uidls" to 
  "~/.mpop_uidls/%U_at_%H".
  %U and %H will be replaced with the user and host name of an account.
  This means that every account uses its own UIDLS file now.

  !!! IMPORTANT !!!

  If you update from mpop-1.0.0, you *must* do one of the following:
  - If your ~/.mpop_uidls file contains no UIDs, delete it.
  - If you want to keep using it, add the following line to the "defaults"
    section of your configuration file:
    uidls_file ~/.mpop_uidls

Version 1.0.0:
- Added the option --all-accounts (-a) to query all accounts in the 
  configuration file. Changed the short option for --auth-only from -a to -A.

Version 0.8.5:
- Removed the simple_mbox delivery method because it is unnecessary. Please use
  the mbox method instead.
- Optional support for Internationalized Domain Names (IDN) was added.
  GNU Libidn is required for this.
- mpop will now respond to CTRL+C immediately, because all network operations
  are now interruptible. 
- The options of the configure script have changed! Please read the file INSTALL
  for more information.
- Some minor bugfixes and improvements were made.

Version 0.8.4:
- The only_new command and --only-new option were re-added, but with a slightly
  different meaning. The default behaviour is compatible to previous 0.8.x 
  versions.

Version 0.8.3:
- UIDLS files created by versions prior to 0.5.0 are not accepted anymore.

Version 0.8.2:
- Removed the OpenSSL exception note from the license information.

Version 0.8.1:
- Bugfix: Don't leave stale messages on the server.

Version 0.8.0:
- Fixed handling of servers that do not support pipelining.
- mpop will now always remember mails that were already retrieved and delivered,
  even in case of errors or program termination. These mails will never be 
  retrieved a second time. The only_new command and only-new option were 
  therefore removed.
- The 'connect_timeout' setting was replaced by a 'timeout' setting that applies
  to all network operations.

Version 0.7.0:
- Native language support (NLS) was added. Currently the only supported language
  besides english is german, but it is easy to add more translations (hint, 
  hint)!
- When delivering mail, mpop adds a Received header now
- The parameters pipeline_min and pipeline_max are no longer configurable; they
  are compile time constants now.
- Minor improvements all over the place

Version 0.6.3:
- No new festures, just bugfixes.

Version 0.6.2:
- Delivery to maildir folder is now possible. Example:
  delivery maildir ~/Mail/incoming
- Filter scripts can now use the envelope from address and the size of a mail.
  Example:
  filter ~/bin/my-pop3-filter.sh --from=%F --size=%S  

Version 0.6.1:
- This is a hotfix release because of the following error:
  If TLS is not used and a mail with a line longer than 1023 characters is read,
  a null character was wrongly inserted into that line.

Version 0.6.0:
- Implemented delivery to mbox mailboxes. There are now two methods to deliver
  mails: mda and mbox. You can choose one with the new "delivery" command.
  BEWARE: When switching from 0.5.0, you need to convert your configuration
          file to use the new command by inserting "delivery" before all "mda"
	  commands.

Version 0.5.0:
- Speed improvements through network efficient POP3 command usage and faster 
  UID comparison. Use the pipelining command to speed up your POP3 sessions.
- Added support for the .netrc file: If a password is needed but none is given,
  mpop will try to find it in ~/.netrc, and if that fails, mpop will prompt you 
  for it.
- Nicer output

Version 0.4.3:
- One important bugfix (potential segfault)

Version 0.4.2:
- mpop can now keep track of already retrieved mails. Use only_new=on (or
  --only-new=on on the command line) to process only new messages and ignore
  already retrieved messages. 
  The file to store the lists of unique IDs of already retrieved messages in is
  ~/.mpop_uidls by default. This can be changed with uidls_file/--uidls-file.

Version 0.4.1:
- Added the new connect_timeout command and --connect-timeout option.
- Added specialisation to account definitions. See documentation of the
  account command and the example files.

Version 0.4.0:
- The default_mda command is obsolete: there's a new defaults command to set
  default values for all following commands.
- The password will be prompted for if non is given in the configuration file
- The user configuration file is required to have no more permissions than
  0600 (user read/write).
- Added support for AUTH EXTERNAL
- Various cleanups
- You need GnuTLS >= 1.2.0 now if you want GnuTLS support.

Version 0.3.1:
- --serverinfo is now usable without valid authentication data

Version 0.3.0:
- You can now filter your mails before downloading them by inspecting only the
  mail headers: use the new filter command or --filter option. Your POP3 server
  must support the POP3 TOP command for this to work.
- Added --mda option
- Various bugfixes and cleanups

Version 0.2.0:
- Update to the latest msmtp code base:
  - New command line options; see the man page or the --help text
  - Optional GNU SASL support. In addition to the built-in USER/PASS and APOP
    methods, there's support for PLAIN, CRAM-MD5, DIGEST-MD5, GSSAPI, LOGIN,
    and NTLM. Beware: This has not been tested yet!
  - TLS certificate information output with --serverinfo and -debug
  - Long option support on all platforms (thanks to gnulib)
  - Enhanced almost all commands to allow unsetting of features
  - Changed commands: "tls_nostarttls" is replaced by "tls_starttls off" and 
    "tls_nocertcheck" by "tls_certcheck off"

Version 0.1.4:
- IPv6 support on Windows systems
- *Lots* of small bug fixes and improvements

Version 0.1.3:
- When an error occurs, the so far successfully delivered mails will not be
  undeleted on the server anymore. This should prevent double download of 
  mails.
  
Version 0.1.2:
- This version can be compiled without TLS/SSL support; use 
  --disable-ssl if you really want that.

Version 0.1.1:
- New commands: default_mda, killsize, skipsize
- Important bug fixes

Version 0.1.0:
- initial public release; 90% of the code comes from msmtp
  read the TODO file to find out about missing and untested features!