$Cambridge: hermes/src/prayer/docs/DONE,v 1.70 2012/07/05 09:42:36 dpc22 Exp $
05/07/2012
==========
Release: Prayer 1.3.5
01/07/2012
==========
Add ssl_cipher_list and ssl_server_preference config options.
ssl_cipher_list now defaults to:
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!EXP
Fix problem forwarding messages with complex MIME structure.
Previously we looked for text in section 1, attachments from sections 2.
If no text parts are found at top level of section 1 we displayed "Message
body was not text: suppressed" and discarded that part. Better to include
part 1 as attachment if we can't find text at the top level there. This
is what PINE does in the same circumstances.
Sieve filtering fixes:
account_mail_check() didn't clear out any existing lists of filters and
blocks. Normally protected by:
if (account->mail_checked)
return (T);
However that gets reset by "Update" on the Advanced filtering page.
Need to disable Sieve script before deleting with Cyrus 2.4.
Old template set was missing <form> at start of Sieve upload.
09/11/2011
==========
Addressbook display needs to wrap long lines of addresses without spaces:
"dpc22,dpc22,dpc22,...". Otherwise layout breaks.
27/06/2010
==========
Release: Prayer 1.3.4
22/06/2011
==========
draft.c fixes:
Fold long lines of addresses before the entry which reaches 78 characters
when possible, rather than after the first entry which crosses that
boundary. Long-standing bugbear of mine but several support functions
needed to be rewritten to use scratch string in place of output buffer.
Long subject lines which are not RFC1522 encoded need to be folded
separately. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.
RFC1522 is not allowed to fold lines in the middle of a UTF-8 multibyte
character. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.
Tidy library:
Add support for tidyp fork of (apparently abandoned) tidy library.
Fix cross site scripting problem:
MSIE and Chrome think that <!---> is a complete comment. Allows people to
hide scripts inside <!---><script>...<!--->. Strip all comments (which is
something that the old sanitiser had been doing already)
Sieve blocks should check "From: " address in body as well as
envelope sender address. Check "Sender: " as well for completeness.
Linux needs IPV6_V6ONLY to bind to '0.0.0.0' and '::'
01/11/2010
==========
Mike Brudenell <mike.brudenell@york.ac.uk> reported problem with RFC
2183/RFC 2231 quoting with very long filenames, or filenames with strange
characters from ASCII range.
20/07/2010
==========
Release: Prayer 1.3.3
08/07/2010
==========
Better handling of complex multipart messages:
Rather than just displaying the first text/plain or text/html that we can
find in the top, (leaving people to access sections for the other parts),
display the entire tree: multipart/alternative are handled as before, but
with other multipart messages, recurse into the subtrees and repeat. Given:
1 (Nested multipart)
1.1 text/html
1.2 text/plain
2 text/plain
we display sections 1.1 and 2. Previously we would display section 2,
which is a bit of a disaster if section (1) was the original message and
a listserver has helpfully tagged on a message footer as a separate bodypart
Combine os_*.c back into a single file (which is where I started off
many years back). Eliminates lots of repeated code.
07/07/2010
==========
Bugs
====
os_bind_inet_socket(unsigned long port, char *interface)
If interface resolves to multiple IP addresses then only binds to the
first. Should really walk along ai->ai_next and bind to each IP address
in turn. Unfortunately this means that os_bind_inet_socket() needs to
return an array of sockfds rather than a single int. Parent routines
probably aren't going to play ball either.
Most likely cause will be a hostname which generates both IPv4 and IPv6
addresses. Unfortunately it is a problem that we are going to have
to solve eventually.
05/07/2010
==========
Fix XSS problems reported by:
Jacob H. Hilton <jhh40@cam.ac.uk>
Dr Andrew C Aitchison <A.C.Aitchison@dpmms.cam.ac.uk>
Rather than trying to spot dangerous tags by simple substring matching in C,
I now feed the html through Tidy library (http://tidy.sourceforge.net/),
and then prune unwanted nodes from the parse tree before setting it to
the pretty printer. The only problem is that the Tidy library doesn't
provide any public API for manipulating the parse tree (although it does
provide a public API for walking the tree!?), so I had to dig around to
find the private functions required to remove and manipulate nodes.
Javascript embedded into CSS is also a problem: I need to strip off CSS
character entities before looking for dangerous expressions. The final
part is still a simple string match: I hope that I don't end up having to
generate parse trees for CSS as well as the HTML.
Now passes full test suite at:
https://secure.grepular.com/email_privacy_tester/
Better vacation screen
Subject line
Phrasing
Coping with multiple logins as single user from single browser:
SessionID stored in HTTP Cookie: second login blats first
Can store SessionID in URL (Prayer does this if no cookies available)
Not secure: leaks in HTTP "Referrer" header with links from HTML email.
Solution: Use HTTP Cookie keyed by PID of login session.
Smaller cleanups:
Improve gap between words in spell check (Cambridge house style)
Remove extra blank lines after postpone, restore cycle.
02/09/2009
==========
1.3.2 release
28/08/2009
==========
Switch to using BSD PTY code on Linux platforms as more reliable
- Only actually relevant to accountd
- Requires -lutil on modern Linux platforms (e.g: Fedora 10, Ubuntu 8.04)
Fix various bugs reported by Jon Peatfield <J.S.Peatfield@damtp.cam.ac.uk>
Folderlist and maildir handling
IP address list parsing
Add RAVEN_ENABLE flag to Config file, depends on SSL_ENABLE
Set ACCOUNTD_ENABLE=false by default
Disable gzip compression when client is MSIE
09/04/2009
==========
Given text/plain which has <http://link.to.something> should create link,
as per RFC 2396:
"The angle-bracket "<" and ">" and double-quote (") characters are
excluded because they are often used as the delimiters around URI in text
documents and protocol fields."
UTF-8 -> ISO-8859-1 conversion doesn't convert filenames.
Fixed in source: 03/03/2009.
Oh no it isn't.
Either need to apply RFC 2231 encoding and decoding [correct, obscure]
or RFC2047 encoding, decoding [incorrect, simpler, used elsewhere]
Junk email page. Centre whitelist.
Tab expansion (message from jw35, 05/02/2008)
19/03/2009
==========
Change the names used for CFLAGS and LDFLAGS in subsidiary Makefiles.
BASELDFLAGS = $(LDFLAGS)
. . .
LDFLAGS = $(BASELDFLAGS)
doesn't mean quite what I thought it did, although it seems to work quite
happily for me on both Linux and FreeBSD. I guess that I shouldn't be
surprised given the ability to type 'make LDFLAGS=foo' at a random piece of
open source software.
Alternative fix would have been to use:
LDFLAGS := $(BASELDFLAGS)
That would seem to have more potential for future grief. Better to use
MYCFLAGS/MYLDFLAGS at the bottom.
31/10/2008
==========
Release: 1.3.1
By 29/10/2008
=============
Add some config backstops and automatic disable on outgoing email to counter
current phishing attacks:
recips_max_msg
recips_max_session (links to sending_block_dir if enabled)
sending_block_dir
sending_allow_dir (whitelist to counter sending_block_dir)
Replace one instance of strcasecmp() with strcmp() in folderlist code:
Previously mailboxes might be in wrong order if IMAP server lists
mailboxes out of order. (Doesn't seem to be a problem with Cyrus/UW IMAP).
Replace X-Originating-IP with:
"Received: from [%s] by %s" CRLF
" with HTTP (Prayer-%s); %s" CRLF,
ipaddr_text(session->ipaddr),
config->hostname,
VERSION_PRAYER, date);
Virtual domain [user@domain login] fixes:
Fix "Click to login again" links.
Fix -f option given to sendmail when sending messages.
Subjects not being rfc1522_decode()ed correctly on display screen.
08/10/2008
==========
Release: 1.3.0
Add Raven (Ucam Web single signon) authentication. No interest to anyone else.
New template tree based on new Cambridge University house style
Template tree now user preference ("old"/"cam").
Three levels of status message, with different styles:
default :: "Reminder: logout" message
info :: Informational updates
alert :: Errors: things not expected in normal operation.
Instead of truncating Sender/Recipient and Subject on the list screen,
send the whole thing and leave the browser to truncate using following:
class="altrows truncate"
Various small improvements:
"Mark All" without persistent mark mode.
Paperclip to indicate attachment on the list screen
Upload/Download for Sieve
Printable Version of messages.
Space use in mailboxes
favicon.ico
Clean up addressbook transfer screen.
Small uses of Javascript:
Javascript on login page to select Login box.
Add submitenter handler to a number of pages which would
otherwise do odd or inconsistent things.
Search page
list/abook_list page select
Reflector for /session//compose
- if can't connect to login session, frontend should bounce back a
page so that people can cut and paste text.
Login screen replaced with frontend template. RSS -> HTML converter.
Bugfix: URL encode entries in the roles_select screen correctly.
Updates based on patches from c.d.wakelin@reading.ac.uk.
HTML display:
Show text/html in preference:
29/09/2008: reverted until I can think of something more sensible
to do involving messages with text/html attachments. Need to
pay much closer attention to multipart/alternative tags?
"Show remote images button" (unless prefs->show_remote_images set).
Show full date/time
Expunge on exit
First unread option
Show attachment in list (needed to work around c-client overview bug. In
fact all of the overview stuff seems to be redundant with imap-2007).
Fix IFEQ template expansion bug where left or right hand expression
was a quoted string involving spaces (too many levels of unquoting).
Updates from Magnus Holmgren <holmgren@debian.org>
Manual pages
Only include lookup options on the abook_list page if appropriate
backends defined.
Redundant config options: is_netscape4, use_embed_http and http_icon_embed
Fix lots of missing spaces in xhtml_strict tree, e.g: "alt="Next
Infer that I had a problem with a script removing border="0" from
xhtml_transitional. Little surprised that the Firefox HTML validator
doesn't pick this up. Problem pointed out by Peter Benie (pjb1008@cam.ac.uk)
Improve PINE <-> Prayer postponed-msgs compatibility.
Looks like PINE 4.30 started to add the following headers without warning:
X-Our-ReplyTo: Full
X-Our-Headers: Reply-To
Don't add default_domain if username supplied (and validated by the
IMAP server) is a full email address: probably incomplete.
01/07/2008
==========
Release: 1.2.3
30/06/2008
==========
Stop users from marking every mail in their inbox and then trying to
generate a GByte size message when forwarding offsite.
- this was running into the limit_vm backstop, but better to just block
when we reach config->draft_att_total_max (which should probably
be renamed to be something like config->max_message_size).
24/06/2008
==========
Fix wrapping for long lines on abook_list screen
Some bug fixes from Magnus Holmgren <holmgren@debian.org>:
Archive and remove session cache logs in prayer-ssl-prune using DB4
log_archive() call rather than separate prayer-db-prune utility. Only
appears to work with recent Berkeley DB libraries (specifically: it
works fine with DB 4.6 on my Ubuntu 8.04 Hardy Heron desktop, but not on
our main Webmail service which is still using a private DB 4.2 library).
I can't see an obvious reason from the two log_archive() manual pages.
People using old DB libraries can continue to use prayer-db-prune.
welcome.html file now obsolete: replaced by welcome template.
config->template_set: html4 template tree no longer exists.
xhtml_strict should be the current default.
If the config file refers to an obsolete or missing template tree return
error rather than falling off the end of the template_map_index[] array.
Session cache: Use DB_RECOVER on DB_VERSION_MISMATCH
12/06/2008
==========
Fix unquoted field on /login/xxx page.
(Potential cross site scripting attack picked up by robot, don't think
that it is actually a concern).
09/06/2008
==========
Release: 1.2.2.1
Fix two silly bugs with public build
reported by Joel Reicher <joel@panacea.null.org>
- templates/xhtml_strict tries to copy (nonexistent) CVS directory
- Public prayer.cf didn't have a static_dir definition.
05/06/2008
==========
Bugfixes:
display_hdrs.t needs a non nowrap style (t_wbanner) for recipient list
"Show Hdrs" should become "Hide Hdrs" when active.
03/06/2008
==========
Release: 1.2.2
Has been running as our live Webmail service for a few days now
By 02/06/2008
=============
Fix assorted Makefile problems from the great 1.2.x reorganisation,
courtesy of Magnus Holmgren <holmgren@debian.org>
Merge devel stream onto CVS HEAD:
Add XHTML strict template tree.
xhtml has been replaced by xhtml_transitional and xhtml_strict:
config option template_set selects active template tree.
29/05/2008
==========
Release: 1.2.1
Has been running as our live Webmail service for a few days now
By 26/05/2008
=============
XHTML templates (currently XHTML 1.0 Transitional, but most of the way to
XHTML 1.0 Strict: just need some style sheets for stuff like <tr bgcolor=)
Some more template bugs, picked up while translating everything to XHTML.
spell screen had a stray/missing table
filter screen had $target_mailbox rather than $mailbox
Remove </li> from display_mime tree.
</ol> in the wrong place on empty filter page
compose: Not preparing line_wrap and copy_outgoing checkboxes correctly
Attachment screen not listing offsets correctly
display_hdrs: couple of <tr> in the wrong places
search_date: Spurious <td>
1.2.0 reorganisation bugs:
user_agent->use_icons not overriding prefs->use_icons correctly when
Lynx/w3m in use
Missing $g_use_icons paths for logout, rm, delete screens.
Other, long standing bugs:
upload_xfer wasn't canon_decoding its argument for Append links
21/05/2008
==========
Release: 1.2.0
Add template language: See ./TEMPLATES and ../templates
Factor out common code used by Prayer and Accountd.
Search: Default to search on recipient if looking at sent-mail mailbox
Persistent mark mode:
Don't switch "Change to:" dialogue to "Copy" dialogue: consistency.
Lots of structural change (hence 1.2.0), very little user visible change.
We have been running this for a few weeks now, the trickle of bugs
created by the new template system seems to have dried up.
Couple of new mailing lists, as it ain't dead yet:
https://lists.cam.ac.uk/mailman/listinfo/prayer-announce
https://lists.cam.ac.uk/mailman/listinfo/prayer-users
10/04/2008
==========
Release: 1.1.0
Summary (more detail below, and in local CVS repository):
Supports multilingual email with a decent iconv library (e.g: GNU iconv)
All interaction with Web browser is now UTF-8
(messages still sent as ISO-8859-1 when possible, for simplicity)
Supports different hierarchy separators (e.g: '.', '/') and personal
hierarchy under INBOX. Configuration picked up automatically using
server NAMESPACE response unless prayer.cf overrides.
Supports dual use mailboxes. dual_use option in prayer.cf provides hint
for new mailboxes (otherwise we need to force a folderlist cache refresh
every time a new mailbox is added).
NB: If you need to downgrade from 1.1.0 for any reason, use 1.0.20. This
will automatically downgrade the UTF-8 preferences mailbox.
09/04/2008
==========
IPv6 support, courtesy of Magnus Holmgren <holmgren@lysator.liu.se>
and Antonio Querubin <tony@lava.net>
Release: 1.0.20
Downgrades UTF-8 preferences file created by Prayer 1.1.0 and above
back to Latin-1.
08/04/2008
==========
Back to using 'LIST "" %'. Slightly less efficient with my Cyrus backends,
but a lot faster for people using maildir etc. Also the code is cleaner as
I don't build a list of results and then transform it into a tree.
By 11/03/2008
=============
Present mailboxes as expandable tree of folders/
Works with dual use mailboxes
Runs 'LIST "" *' on initial login. This breaks Mark Crispin's tenth
commandment for IMAP clients. However:
1) Squirrelmail, IMP and Roundcube all do this.
2) On my Cyrus server, LIST "" * is as fast as LIST "" %, so this is
actually more efficient than paging in the directory hierarchy in stages.
If someone cares, they are welcome to replace the folderlist class
with one which runs 'LIST "" %' as required.
New config options:
use_namespace :: Get personal_hierarchy and hiersep from server
personal_hierarchy } in case no namespaces defined or incorrect
hiersep }
dualuse:
Hint to Prayer that new mailboxes are dual use. Things will mostly work
if dualuse set to NIL (the default) on a server which supports it, but
people will be unable to create children of newly created mailboxes
without a "Refresh"
By 26/02/2008
=============
Check for postponed messages on compose rather than login (requires
additional IMAP connection, which is why we currently check on login).
Can just use STATUS command.
- or just always open the draft_stream when someone clicks on Compose.
By 22/02/2008
=============
Add UTF-8 support. Based on patches from:
Magnus Holmgren <magnus@kibibyte.se>, <holmgren@lysator.liu.se>.
but with a number of changes to:
Add support for enctype="multipart/form-data" POST forms. In theory
better for mixed character set environment as each key/value pair
should include a charset parameter. In practice Mozilla doesn't
seem to do this. application/x-www-form-urlencoded probably better as
less verbose for simple ASCII text.
Use ISO-8859-1 where possible when sending and saving messages (Windows
1252 smartquote characters are transliterated to " and ').
Handle multibyte characters correctly in line wrap and spell checking.
Also handle UTF-8 characters which have double and zero display width.
Not try to translate raw binary data into UTF-8 on attachment download.
Fix UTF-7 mailbox handling [Surrogate pairs were decoded incorrectly by
utf8_to_imaputf7(). It also incorrectly added UNI_REPLACEMENT_CHAR_UTF8
to 6 byte and 12 byte sequences].
Fix a number of places where 8859-1 and undecoded UTF-7 mailbox names
were still in use.
Upgrade the existing version 2.0 preferences information (ISO-8859-1) to
version 3.0 (UTF-8).
No longer downgrade LDAP lookups from UTF-8 to 8859-1
Use ASCII in Sieve files as the useful subset of UTF-8 and Latin-1.
By 01/02/2008
=============
Release: Prayer 1.0.19
Add .pid to PID filenames (and the various rc scripts which used these files)
Fix References handling to match RFC 2822, section 3.6.4 where a message
contains In-Reply-To, but no References header. Add sensible formatting for
References header using continuation lines, one Message-ID per line.
Don't call session_streams_check() if the cmd is restart. If it fails
the browser is redirected to "restart". Instant redirect loop.
Stripped out old session_direct experimental nonsense.
Copy the https check from the login page to the session page handler,
so that users can't switch from https to http after login and expose
their session cookie to spammers.
Move prctl(PR_SET_DUMPABLE, 1) into os_linux.c as it is Linux specific.
Assorted trivial bugfixes, documented properly in local CVS.
04/09/2006
==========
Release: Prayer 1.0.18
Important Security fix:
os_connect_unix() had a strcpy() which should have been strncpy() to
prevent buffer overrun. Prayer 1.0.17 was mostly safe.
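
Added example, not Prayer's code: the class of bug fixed above, shown on the sun_path field that a Unix-socket connect routine has to fill. The helper names and the /tmp/example.sock path are constructed for the illustration. The first helper rejects an over-long path outright; the second shows that a strncpy()-style bound stops the overrun but silently truncates the path.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper: fill a sockaddr_un for `path`.
 * Returns 0 on success, or -1 with errno = ENAMETOOLONG when the path plus
 * its terminating NUL does not fit in sun_path. An unchecked strcpy() here
 * would write past the end of the structure instead. */
int unix_addr_init(struct sockaddr_un *addr, const char *path)
{
    size_t len = strlen(path);

    if (len >= sizeof(addr->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, len + 1);   /* length already checked */
    return 0;
}

/* The minimal strncpy() fix: memory safe because the bound leaves room for
 * the NUL that memset() put there, but an over-long path is cut short and
 * the caller would connect to a different name than it asked for.
 * Returns 1 if the path was truncated, 0 otherwise. */
int unix_addr_init_strncpy(struct sockaddr_un *addr, const char *path)
{
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    strncpy(addr->sun_path, path, sizeof(addr->sun_path) - 1);
    return strlen(path) > sizeof(addr->sun_path) - 1;
}

int main(void)
{
    struct sockaddr_un addr;
    char long_path[300];

    /* Constructed input: a path far longer than sun_path can hold. */
    memset(long_path, 'A', sizeof(long_path) - 1);
    long_path[sizeof(long_path) - 1] = '\0';

    printf("short path, checked copy: %d\n",
           unix_addr_init(&addr, "/tmp/example.sock"));
    printf("long path, checked copy:  %d\n",
           unix_addr_init(&addr, long_path));
    printf("long path, strncpy copy truncated: %d (kept %lu bytes)\n",
           unix_addr_init_strncpy(&addr, long_path),
           (unsigned long)strlen(addr.sun_path));
    return 0;
}
```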
By 28/06/2006
=============
Release: Prayer 1.0.17
Fix small foulup with gethostbyname() calculations when binding Prayer
to specific interfaces.
Cleanups to stop char vs unsigned char warnings with latest c-client.
Make sure that all internal draft messages consistently use CRLF.
Security audit for Prayer frontend following attack:
Optional Chroot environment (See chroot options in config file).
Stripped out debugging code.
04/11/2005
==========
Fix small foulups with abook_lookup:
Couldn't add last address to existing draft.
Block LDAP metacharacters from search.
By 13/06/2005
=============
Release: Prayer 1.0.16
Fix silly bug when replying to multipart messages where the main message
and the text/plain subpart have different encoding (missing mail_body
call).
Add a limit_vm backstop to stop single runaway process from taking
over the system.
By 10/06/2005
=============
Release: Prayer 1.0.15 (1.0.13 and 14 internal releases only).
list screen doesn't set "current" message to middle of range. Means that
switching between various sort modes works more consistently.
Go fishing for text/plain or failing that text/html bodypart within top
level of multipart/mixed or multipart/alternate message when replying to a
message. Behaviour should now be consistent with cmd_forward and
cmd_display.
Include LDAP and local finger database lookups (latter for Cambridge use only)
Addressbook screen:
Addressbook sort (can be set on Manage => Preferences => Display)
Addressbook bulk removal
Import and Export CSV (Outlook) format address screen
Spellcheck:
Support native aspell as well as ispell, aspell in ispell compatibility mode.
Means that Quoted text is not checked if the following is set:
Manage => Preferences => Extra Compose =>
Skip quoted text on spell check
By 09/08/2005
=============
Spam whitelist
Test the Referer header on login. Two independent prayer.cf options:
referer_block_invalid and referer_log_invalid
Test the Referer: header before performing a /redirect/ action in
order to protect against URL redirector abuse
Doesn't work with "Save Target As". Remove entirely
Confirm on expunge.
Clean up account_message error reporting so it is consistent.
Fix format=flowed quoting problems.
Fix memory leak in mailbox download (2 x size of mail folder) until
next transfer or idle shutdown.
25/01/2005
==========
line_wrap_on_send preference not used by draft_init().
Fixed problems with multipart/alternate display and forwarding
06/01/2005
==========
Release: Prayer 1.0.12
Apparently "mutex" is already claimed by a system header on Solaris.
26/11/2004
==========
Release: Prayer 1.0.11
File locking on Linux (probably other operating systems) is pretty dumb
when lots of processes are trying to lock a single file for serialisation:
all of the processes are woken each time that the file is unlocked. Most of
the processes will simply loop inside the kernel and attempt to lock
again. Presumably this approach makes nonblocking locks and EINTR easier to
do, but it does mean that you can get occasional load average spikes. Add
MUTEX_SEMAPHORE to implement System V semaphore based lock, which does not
have this problem in Linux. Warning: System V semaphores are a finite
resource, and they are not released automatically. See: prayer-sem-prune.
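A System V semaphore used as a cross-process lock, as an added example (not Prayer's MUTEX_SEMAPHORE code; all function names are hypothetical). It shows the two lifetime points behind the warning above: SEM_UNDO makes the kernel release the lock if the holder exits, but the semaphore set itself stays allocated until something removes it with IPC_RMID.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/wait.h>
#include <unistd.h>

/* Linux does not declare the semctl() argument union, so declare one under
 * a private name to stay portable. */
union sem_arg {
    int val;
    struct semid_ds *buf;
    unsigned short *array;
};

/* Create a one-semaphore set initialised to 1 (unlocked). Returns the
 * semaphore id, or -1 on failure. */
int sem_mutex_create(void)
{
    union sem_arg arg;
    int id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);

    if (id < 0)
        return -1;
    arg.val = 1;
    if (semctl(id, 0, SETVAL, arg) < 0) {
        semctl(id, 0, IPC_RMID);    /* do not leak the set on error */
        return -1;
    }
    return id;
}

/* Apply delta to the semaphore, restarting if a signal interrupts us.
 * SEM_UNDO asks the kernel to reverse the operation at process exit. */
static int sem_mutex_op(int id, short delta)
{
    struct sembuf op;

    op.sem_num = 0;
    op.sem_op = delta;
    op.sem_flg = SEM_UNDO;
    while (semop(id, &op, 1) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return 0;
}

int sem_mutex_lock(int id)   { return sem_mutex_op(id, -1); }
int sem_mutex_unlock(int id) { return sem_mutex_op(id, +1); }

/* Current value: 1 = free, 0 = held, -1 = the set no longer exists. */
int sem_mutex_value(int id)  { return semctl(id, 0, GETVAL); }

/* The set outlives every process that used it; it must be removed
 * explicitly. */
int sem_mutex_destroy(int id) { return semctl(id, 0, IPC_RMID); }

/* Fork a child that takes the lock and exits without unlocking, then
 * return the semaphore value seen by the parent. With SEM_UNDO this is 1
 * again: the lock was released, but the set is still allocated. */
int sem_mutex_value_after_holder_exit(int id)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(sem_mutex_lock(id) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return sem_mutex_value(id);
}
```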
Quotas now reported in MBytes rather than KBytes.
Add download links for text/html and text/plain attachments
Fix bug with body->type TYPEMESSAGE: c-client API very poorly documented :(
Strip out common HTML entity encodings that might be used in HREFs
with text/html attachments.
Fix mydb_db3.c to work with DB4.
Integrate into Tony's funky packaging system for Hermes and PPSW.
Add interface to automatic spam folder pruning utility that I wrote for
Cyrus (controlled through special Sieve files).
Fix uploads where mailboxes contain NUL characters (translate to space?)
Assorted minor bugfixes
22/04/2004
==========
Release: Prayer 1.0.10
Fix nasty /redirect bug that I managed to introduce by switching from
url_encode to canon_encode to work around bug in Opera. Missing a
url_encode: infinite loop from dumb UAs :(. Otherwise identical to 1.0.9.
21/04/2004
==========
Release: Prayer 1.0.9
Few minor bug fixes, covered in CVS history.
30/03/2004
==========
Prayer oddity with lots of disp_delete actions (not Cyrus specific?)
Not reproducible.
cmd_spam:
Invalid test on empty list for directory list when deciding whether
spam folder exists.
Message dated 24 Sep 2003:
I use pine with remote settings stored on hermes. If I postpone a message
from pine and then send it subsequently from webmail it gets copied to a
new folder: "mail/{imap.hermes.cam.ac.uk/user=jdb1003/tls}mail/sent-mail"
"Status: Browser history disabled as unsafe: use Webmail navigation icons
and links" appearing erratically?
FIXED: typo in session sequence number encoding.
29/03/2004
==========
list_insert_sorted broken? No tail updates.
Looks fine to me: not sure how I came to this conclusion.
Handle In-Reply-To: and Received: headers correctly when replying to a
message, for interoperability with threaded MUAs. (RFC 2822 sect. 3.6.4)
26/03/2004
==========
Opera 7.23: daft things with '/' quoting.
Timeout on sieve screen.
Better/more consistent address checking. Typo caused abook lookup failures
when we tried to install this in October 2003.
Preserve System and User flags when uploading/downloading mail folders
Remove SIGCHLD handler in prayer-session: this was confusing waitpid()
on FreeBSD and Solaris.
Assorted fixes for clean compilation under SuSE.
Assorted small fixes (typos etc) which will be recorded in CVS history.
14/07/2003
==========
:days option on vacation screen for Sieve vacation.
29/05/2003
==========
Release: Prayer 1.0.8
The only really significant change from 1.0.7 is support for spam filtering
based on X-Cam-SpamScore headers and support for a sieve backend for mail
filtering, currently undocumented. This will be of limited use to anyone
who isn't us.
Small bugfix:
Added "SSL_INCLUDE= -I/usr/kerberos/include" to work around rather
peculiar header dependency in Redhat 9. We don't actually link against
any Kerberos library.
Think that's everything significant of late. Afraid that the detailed
comments are going into our (private) CVS repository these days.
12/05/2003
==========
Switch to using SSL_CTX_use_certificate_file(): appears to give us
certificate chain support without complications?
Initial (and very rough!) Sieve support for testing purposes.
CVS
===
Fed Prayer through: indent -kr --no-tabs before checking into CVS.
16/04/2003
==========
Fixed ctype.h.
Incorporate session_banner_path patch from Clive McDowell.
Fixed 2002 --> 2003 on recent timestamps in this file (I'm just so
observant)
07/04/2003
==========
Release: Prayer 1.0.7
Additional Configuration options:
msgs_per_page_max. msgs_per_page_min.
abook_per_page_max. abook_per_page_min
Need to add to master cf file.
05/04/2003
==========
Fix session_server() ping interval logic.
28/03/2003
==========
Added message download link for Message/RFC822 sections.
27/03/2003
==========
MHT nonsense.
Fixed: Message/822 shouldn't be encoded as BASE64 or QUOTED
Fixed abook_list boundary condition when current entry is last on page.
(Same fix that we had to apply to cmd_list long time back: sigh).
Attachment download/display esp: IE6
- Better use of Content-Disposition: inline
- Use '.' in filenames: quoting arrangements changed.
26/03/2003
==========
Slow process leak in iostream_getchar()
Looks like SSL_read can block even after SELECT
- need proper timeout here somehow.
- need to use non blocking I/O method: will need some testing.
- Fixed (I hope!) by putting underlying socket into non blocking mode
and more careful use of select/retry and error testing around ssl_read.
- Cleaned up code in process. Nee
Make sure cmd_restart robust e.g: browser buttons.
- Seems to be reasonably robust, though hard to trap error conditions
on every ml_ call reliably.
Delete open folder
=> close, bounce to inbox if required
IP address off by one error:
I also tried a different IP address and it acts the same way, i.e., i
had to specify 193.160.13.2:80 to make it use 192.160.13.2:80.
- Looks like SCO/Unixware bug: no success duplicating this.
Additional Configuration options:
msgs_per_page_max. msgs_per_page_min.
abook_per_page_max. abook_per_page_min
Missing /usr/lib/sendmail ==> mail dropped.
24/03/2003
==========
Manage with single "\n" in .forward file => splat. End up with a
redirect
address <nothing>
Fixed at accountd end, but also made an effort to catch invalid cases at
accountd client side.
Spelling correction should use <em> rather than <b>
- Disagree: <b> clearer, at least when defined.
13/02/2003
==========
Typo: "MSshell :: subject" --> "MSshell :: redirect"
06/02/2003
==========
Fixed config->prayer_user expansion.
fatal() shouldn't dump core if root.
31/01/2003
==========
Release: Prayer 1.0.6
27/01/2003
==========
Add initial support for getpwnam(), getspnam() for accountd authentication.
Use c-client address parsing code to split pattern into localpart & domain
components.
24/01/2003
==========
Apply sanity checks to email dialogue on filter screen:
either simple name which matches Hermes account name or legit email address
21/01/2003
==========
Fix mydb_db3.c to work with DB 4.1
Disable gzip for Opera attachment download.
session cookies:
No expiry date => disappear when browser closed down.
Quote username in argv:
Just want to stop Prayer interpreting funny usernames e.g: fred@xxx
Simple string_url_decode in prayer_server.c, session_exchange.c
03/12/2002
==========
Remove "Feel free to send more messages" text from vacation messages.
18/11/2002
==========
Release: Prayer 1.0.5
11/11/2002
==========
Better handling of quota errors
(UW server may generate list of quota warnings followed by "OK" response,
even though operation has failed. Even worse c-client quietly ignores the
warnings and takes the final OK as definitive).
cmd_abook_list: Fix "Added 1 addresses to draft"
06/11/2002
==========
Fixed inconsistent DB_RECOVER stuff.
- transient nature of data means
Best to run without recover, remove Dbase on startup
Add allow_changing_from config option.
Catch (session->upload_file == NIL) in cmd_upload_xfer
(People playing silly buggers with browser history).
30/10/2002
==========
Small amount of juggling to get rpmbuild working correctly on Redhat 8.0a
Release: Prayer 1.0.4
28/10/2002
==========
Berkeley db libraries still leaking 12 Mbytes on DB create:
close, reopen should fix the problem.
Add DB_RECOVER mode to mydb startup at first attempt.
Remove invalid NIL argument to log_panic() call in mm_fatal()
22/10/2002
==========
Missing argument in cmd_expunge reporting message count
socket_split_spool
- '.' was a bad choice of character in session sequence ID:
mkdir('.') anyone? Switch to + which should be safe.
- DONE
15/10/2002
==========
Appear to have a good stable version
Release: Prayer 1.0.3
09/10/2002
==========
socket_split_dir as safe guard
(64 way split on sockets directory based on first character of sessionID)
DONE, including backwards and forwards compatibility
08/10/2002
==========
Reverse alarm(0) and os_signal_alarm_clear() in ssl.c: tiny race condition.
Refresh doesn't do "New mail" correctly.
- msgmap_check() should have been msgmap_update() to get accurate count
immediately.
- Added safety check so that folder onto gets checkpointed once every
5 seconds.
07/10/2002
==========
Nasty SSL_accept bug
- Appears to have actually been problem with deadlock inside SSL
session cache. Side effect of ssl_prune job hanging?
/robots.txt
- DONE
Links in message should use: /redirect to avoid Referrer attack.
-DONE
http_max_servers spin: sleep(0) is NOOP. Replace with sleep(1).
- DONE.
06/10/2002
==========
Added login_prefix_path and login_suffix_path.
- DONE (still need to verify output pages)
Added support for /static/ URLS and .css files, just in case we need them
- DONE
Spell check:
Fixed at least one, possibly two bugs in interaction between spell
checker and browser history. Safest to bail out if we see people playing
silly buggers with browser history there: very stateful.
- DONE
Fix /icons - /opts lost!
- DONE
Fix /icons and /static namespace.
- DONE
30/09/2002
==========
msgmap_find_deleted():
Fix zm_offset initialisation if zm changed size
23/09/2002
==========
SESSION_CACHE_ENABLE
- managed to break this when upgrading to latest Cyrus session cache.
06/09/2002
==========
Release: 1.0.2
05/09/2002
==========
Fix off by one bug in cmd_abook_list form processing.
cmd_reply2: do stream_check_uid to stop out of range effects.
16/08/2002
==========
Release: 1.0.1
15/08/2002
==========
Fix bug handling empty prefs esp: maildir
13/08/2002
==========
Add vacation aliases list
- DONE
Check password changing via accountd
- Need way of skipping "Warning: " text from passwd program
e.g: 8 character passwords.
Added "warning" clause. Need to test quietly.
- Test.
Remove stray upload tmp files.
- DONE
Need to integrate latest session cache into prayer
- DONE
Port back iostream changes...
- DONE
Abook list is missing first entry in each range. Doh!
- DONE
- Added # numbers to code and documentation.
http:// links: Remove final '.' from link.
- Fixed
Source link in RPM incorrect!
- FIXED
06/08/2002
==========
Released code had 3 x fprintf(stderr) left installed for debugging.
Silly boy!
29/07/2002
==========
Made hash function used by assoc keys a bit better distributed.
23/07/2002
==========
Release: Prayer v1.0
Set up RPM build environment:
"make RPM_BUILD=true" sets up build parameters using Config-RPM.
prayer.spec file written.
Make sure that account has a default configuration file.
22/07/2002
==========
Couple of minor tidyups inspired by Tony looking at FreeBSD install
21/07/2002
==========
Check documentation briefly.
Only initialise SSL subsystem if HTTPS ports defined
Add Copyright line/disclaimer to all source files ready for source release.
(making sure that the session cache stuff is correctly attributed).
local_domain_list problems when prayer_session running --foreground for
debugging purposes: Problem was that session_free() was calling
config_free() when it didn't own the config => config go bye-bye
- FIXED
Catch message number out of range on postponed message list screen
(combination of browser history + Outlook silly caching behaviour meant
that it is possible to end up on invalid postponed msg list).
- DONE
19/07/2002
==========
Bug:
Select unseen, read/delete, then expunge when still in the subset
returned from the search.
Mailbox access error: mail/IN/incidents
Status: Lost connection to IMAP server (possible concurrent access?)
FIXED: Needed to integrate msgmap_recalculate() into msgmap_update()
as expunge events can change number of marked messages
=> must force full recalculation of sorted and subset ranges.
Make http://... in body of mail a 'clickable' link:
Should be possible to subvert line wrap system
Download <-> Show full headers.
Fixed "<html>" markup bug in cmd_prefs.
prefs->html_inline_auto set
=> Display docs starting <DOCTYPE inline
Apply "Back to Options Screen" consistently.
- DONE
17/07/2002
==========
Fixed markup bugs on transfer, favourite and upload_select screens.
- DONE
Reverse sort:
cmd_display(): delete --> move to "previous" message rather than "next".
DONE
cmd_display(): 'Copy' should move to "next" message like delete
- DONE
24/06/2002
==========
Remove trailing \012 from request->request. These started to appear when I
fixed a bug parsing the method lines (it was translating CRLF to LF on the
quiet). Bug fix was causing CR characters to turn up in log files.
No longer log invalid requests in accesslog
- silly idea as unparsed requests were already reported in prayer log
and parsed request contains little useful content.
22/06/2002
==========
Added bounds check to chunked transfer encoding. (Prayer isn't vulnerable
to the buffer overrun exploits seen in Apache < 1.3.26, but it wasn't
counting bytes correctly, which could lead to a denial of service attack)
Removed a few redundant config parameters from request_* methods.
Fixed (safe but slightly confusing) overloaded use of request->body_size
by introducing request->chunked_body_size and friends.
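A bounded decoder for chunked transfer encoding, as an added example of the byte counting this entry refers to (not Prayer's code; the function and enum names are hypothetical). It keeps the size of the current chunk separate from the running body total and checks both against the caller's limit before copying anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum chunk_status {
    CHUNK_OK = 0,
    CHUNK_BAD_SYNTAX = -1,   /* malformed size line or missing CRLF */
    CHUNK_TOO_LARGE = -2,    /* declared or accumulated size over the limit */
    CHUNK_TRUNCATED = -3     /* input ends before the declared data */
};

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a complete chunked body held in in[0..in_len) into out, which has
 * room for out_cap bytes. On CHUNK_OK, *out_len is the decoded length.
 * Trailer headers after the final chunk are ignored. */
int chunked_decode(const char *in, size_t in_len,
                   char *out, size_t out_cap, size_t *out_len)
{
    size_t pos = 0;     /* read offset into in */
    size_t total = 0;   /* decoded bytes so far, across all chunks */

    *out_len = 0;
    for (;;) {
        size_t size = 0;    /* size of this chunk only */
        int digits = 0, v;

        /* chunk-size: one or more hex digits, checked digit by digit so
         * that an oversized value can neither wrap nor pass the limit. */
        while (pos < in_len &&
               (v = hex_value((unsigned char)in[pos])) >= 0) {
            if (size > (SIZE_MAX - (size_t)v) / 16)
                return CHUNK_TOO_LARGE;
            size = size * 16 + (size_t)v;
            if (size > out_cap)
                return CHUNK_TOO_LARGE;
            digits++;
            pos++;
        }
        if (digits == 0)
            return pos >= in_len ? CHUNK_TRUNCATED : CHUNK_BAD_SYNTAX;

        /* Optional chunk extension: skip ";..." up to the CR. */
        if (pos < in_len && in[pos] == ';')
            while (pos < in_len && in[pos] != '\r')
                pos++;

        if (in_len - pos < 2)
            return CHUNK_TRUNCATED;
        if (in[pos] != '\r' || in[pos + 1] != '\n')
            return CHUNK_BAD_SYNTAX;
        pos += 2;

        if (size == 0)
            break;              /* last-chunk */

        /* total <= out_cap always holds, so the subtraction cannot wrap. */
        if (size > out_cap - total)
            return CHUNK_TOO_LARGE;
        if (size > in_len - pos)
            return CHUNK_TRUNCATED;
        memcpy(out + total, in + pos, size);
        total += size;
        pos += size;

        /* Every data chunk is followed by CRLF. */
        if (in_len - pos < 2)
            return CHUNK_TRUNCATED;
        if (in[pos] != '\r' || in[pos + 1] != '\n')
            return CHUNK_BAD_SYNTAX;
        pos += 2;
    }
    *out_len = total;
    return CHUNK_OK;
}
```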
21/06/2002
==========
Verify install works okay on Redhat Linux (using Redhat RPMs + own install
for c-client), FreeBSD and Solaris.
20/06/2002
==========
Tidied up include files for clean install. Make sure that accountd compiles
cleanly on Redhat Linux, FreeBSD and Solaris. (Interaction with the Linux
/usr/bin/passwd is still proving temperamental).
19/06/2002
==========
Added is_netscape4 clause into user_agent (+prefs +config)
- enables broken HTML to keep Netscape 4 happy.
(border=0 in image submit clauses, wrap="virtual" in <TEXTAREA>s)
18/06/2002
==========
Accountd:
Added simple scripting language to try and make it more general.
Added (currently optional) second argument to fullname command
- fullname NewName OR
- fullname password NewName
So that we can quietly migrate to the second form.
16/06/2002
==========
Replaced atoi(assoc_lookup(request->form, "page")) in:
cmd_abook_list(), cmd_aggregate.c() cmd_aggregate_tmp()
- possible to end up with atoi(NIL) --> bang with invalid form input
15/06/2002
==========
Fixed silly HTML markup bugs on cmd_dictinary and cmd_roles_list screens.
Check whether spell checker actually active in cmd_spell. Also check for
active draft message => can spot people playing silly buggers with the
browser back button.
Added line wrap on spell:
config->line_wrap_on_spell
prefs->line_wrap_on_spell
+ option on preferences screen (page revalidated at w3c).
Move manual line wrap preference down a bit for Stella.
Check line_wrap_on_reply + line_wrap_on_send defaults: was bug in the code.
Looks okay: may have a few redundant "line_wrap_on_reply: true" and
"line_wrap_on_send: true" lines appearing in user .prayer files, but not
the end of the world.
Flush preferences on the cmd_abook_list() screen
Need to add line_wrap_on_spell to all cf files.
12/06/2002
==========
Fixed silly "No messages to expunge" counting bug which followed from
zm changes yesterday.
Added a couple of msgmap_update() calls to make sure that cmd_expunge()
has correct msgmap before and after ml_expunge.
11/06/2002
==========
Fixed silly crash bug caused by async notification of new mail by mail_sort
- fixed all instances of stream->nmsgs which should be zm->nmsgs
09/06/2002
==========
Testing against proxy server:
Translate silly error message from imap_login() back into English inside
ml_open(). Rationalised session_server() and session_login() a little bit
to remove duplicate error reporting.
Select last message in msgmap as session->current when changing folder:
This way things work properly with sort orders != ARRIVAL
08/06/2002
==========
Expunge on empty folder => bang.
- Silly bug caused by new msgmap_find_undeleted() stuff
cmd_copy_msg: didn't check session->other_stream live before ping
- Factor out code to session_streams.c, rationalise + checked all.
Move session_save_options and session_close_streams to session_streams
for consistency & to put all stream unpleasantness in single place.
cmd_compose():
Failed to check that session->draft_stream still valid when postponed
message selected (conceivable that it had timed out).
04/06/2002
==========
Fixed silly If-Modified-Since crash bug.
(Amazed nothing triggered this up to now)
Put Delete links back onto list pages
(removes need for nested tables => Lynx works better)
02/06/2002
==========
Cleaned up build process and documentation of build process a bit.
Updated default prayer.cf to match prayer-debug.cf
Cleaned out some of the old icons.
prayer_main:
Close STDIN, STDOUT and STDERR if we are running in the background
Means that we can shut down controlling terminal without any messing around
01/06/2002
==========
Check new expunge <-> sort interaction.
- Think that it's right, need to clean up in harsh light of day.
Sorting => bang?
- msgmap out of sync with stream somehow
- next page calculation wasn't correct in cmd_list: contrib factor?
ml_elt vs mail_elt?
Both should generate core dumps!
macro: ml_elt --> mail_elt for time being
29/05/2002
==========
Catch msgno out of range in cmd_reply
Bugs:
If you forward an email to an invalid address (e.g. 'mark victory') you get
the expected error message. If you then go to Mailbox, open the message and
try to forward it again then the error reappears *before* the usual compose
window (i.e. before you can enter a valid address)
FIXED (give sensible error message and bounce back to compose screen)
28/05/2002
=========
Sorting => bang?
- Not repeatable
=> either uninitialised variable or off by one error
- _believed_ fixed:
if ((stream->nmsgs != z->nmsgs) || (stream->uid_last == z->uid_last))
z->valid = NIL;
changed to be:
if ((stream->nmsgs != z->nmsgs) || (stream->uid_last != z->uid_last))
z->valid = NIL;
Puzzled why this wasn't caught up to now...
27/05/2002
=========
Filter bug:
Need to test fix, retrofit space into MSshell filter expansion.
Use foranyaddress in recip stuff?
- DONE
Fixed free on unassigned "value" in filter_test_addr()
session_streams_change()
--> bang if other_stream timed out.
cmd_change():
badly nested parentheses --> logic bug
Delete Marked messages with no marked messages
=> silly uncaught exception
Character sets.
- Have a brief think about just what is involved.
accountd hangs occasionally when changing password?
- add alarm timeout into code. DONE: Test.
- Try to work out why it's hanging!
23/05/2002
=========
Possible bug with attachments and MSIE
need to disable HTTP/1.1 and persist again
Actual problem was with gzip encoding in response_raw
- silly mistake involving headers.
Reverted to using lower case in MIME multipart headers
- upper case just looked ghastly.
22/05/2002
==========
Fixed session_message format bug in cmd_forward1.c
20/05/2002
==========
prayer-ssl-prune
- Shouldn't need to worry about hostname stuff.
18/05/2002
==========
Removed indentation for threading modes: appears to be broken.
Fixed help text macros. Added __STATUS_NONE__.
Strange attachment bugs?
- Display top level message/RFC822 fails
- Fixed: need to rationalise, test structure
- Forward MIME torture test breaks loses a few parts of msg.
- Mulberry doesn't always interpret messages sent by Prayer correctly?
- Check RFCs, follow PINE MIME structure precisely?
- Believe that all of these are fixed now. Need to check.
- Appeared to do the trick!
Check html_secure stuff: code is close, but not quite there: DONE
- thought: replace illegal targets with <cleaned_tag> like IMP: DONE
- Need Referrer trap: DONE
15/05/2002
==========
Postponed folder doesn't appear, disappear correctly any more?
- FIXED
Download message ==> display.
11/05/2002
==========
Fixed page offsets in abook listing
05/05/2002
==========
gzip compression: flush buffer in pages...
- DONE
Implement ETag (could be reason that some UserAgents refetch)
- What does Apache do?
- Answer: combines mtime, size and file inode
- we now do the same (using decimal rather than hex because I'm lazy).
03/05/2002
==========
Allow folded lines in config file:
Use string_get_lws_line, then check for CRLF sequences, escaped by \
Fixed abook_list/role_list bugs
- & should be &amp; in prefilled GET form
hmtl_quote was converting ' ' to '&nbsp;'. Yuck!
Some browsers sending character 0xa0 instead of ASCII space
- in ISO-8859-1
- draft_update_body quietly translates back now...
Need abook_entries per page preference.
01/05/2002
==========
Addressbook:
Split into pages
Abook search <--> Compose link
21/04/2002
==========
Added HTML checkboxes as option on list screen:
Added use_mark_persist option to control this behaviour.
Rename outdated procedures: global search and replace.
zoommap --> msgmap
buffer_puts_quote_html --> html_quote_string
Push all ->spare and ->spare2 references into msgmap.c
Checkboxes on abook screen?
20/04/2002
==========
Enable gzip encoding selectively:
Check for Accept-Context-Encoding: gzip or x-gzip headers.
Add user-agent field for gzip
gzip_write in blocks (need block access mechanism)
Enable gzip for certain IP ranges only, specifically
gzip_enable = "131.111.99.0/24"
gzip_disable = "131.111.0.0/16 : + friends "
Reverse lookup on client IP address (for local IP ranges only?)
Need some routines to compare ipaddr to strings.
Fix themes/colours.
Added interface to use_http[s]_port
19/04/2002
==========
Line wrap:
Discard short lines stuff
" " at start of line ==> new paragraph.
Warn if _non-empty_ draft active on exit
15/04/2002
==========
Content-Encoding: gzip.
14/04/2002
==========
Clean up zoommap code.
- propose: sort/thread all messages, _then_ apply zoom.
=> intermediate step not invalidated by search/mark operations
- should be more efficient.
Zoommap:
SORT/THREAD all, _then_ subset marked surely more efficient + simpler
Address Book Take:
find existing alias.
Delete postponed_folder on exit if empty, active.
Reply, Postpone, Resume doesn't record which message we are replying
to => answered flag set incorrectly.
Related:
If we reply to a message and then change session->folder, answered flag
will be set on wrong message
- need to record current folder, open special stream if != current
accesslog: session record frontend process involved
- done. A little involved because of log structure
Accountd:
Partition out SSL better!
13/04/2002
==========
Add thread mode
DONE.
12/04/2002
==========
Filters broken a little: need to remove '^.*', '.*$' and or add '(?s)' as
appropriate.
07/04/2002
==========
Have a brief go at history mechanism for back button
- don't think that it's actually all that involved.
- need to record active mail folder. What else?
Move postponed stuff to draft.c
Check for postponed_name which should be draft_foldername...
Move session stream manipulation stuff to own file (session_streams.o?)
06/04/2002
==========
Add From address to role (matches IMP).
- easy little task.
Better handling of postponed-msgs STREAM:
- need to be first class object rather than have
other_stream fight for possession of stream
Add "Resume draft" link on msg display for postponed-msgs
(+ link from postponed list to show folder as full list)
05/04/2002
==========
BUG: Empty cdb lookup not handled correctly in abook_substitute_recuse
- Fixed
04/04/2002
==========
Send messages as format=flowed. Not handling incoming messages as
format=flowed yet: fixed width seems better for our purposes.
Analyse login procedure: why so long?
- Save options bugs certainly wasn't helping us...
- Some work with Netscape indicates that login time actually not
very long. Most likely problem is people hitting login button twice.
29/03/2002
==========
Make prefs->sent_mail_folder and prefs->postponed_folder relative to
prefs->maildir (motivation: want Fcc: line in postponed messages to be
compatible with Pine which appears to do this).
Roles state lost if you move back and forwards
webmail1 <--> webmail2?
Yes: quite likely give 4 file vs 5 field stuff.
Switched so that first four columns match => compatible
(though Fcc information will be lost if we have to backtrack).
Need to spot
mail/postponed-msgs
mail/sent-mail
in prefs file and cmd_prefs.
Need a final decision on Line Wrap nonsense: get it over with!
- DONE (I hope!)
Simpler abook format please!
- Use tab separator and linear whitespace? (encode TAB, nothing else)
- Provide backwards compatibility with existing format.
- Already in place!
Draft management
Store attachments in files rather than memory?
- DON'T bother!
28/07/2002
==========
Disable MSIE compatibility for Opera in response_raw()
Attach 0 length file --> boom!
- consequence of string_url_decode for Macs...
27/03/2002
==========
Put up on webmail2.hermes and test w, without optimisations.
- What's going on with these erratic SSL errors!
Self signed certificates or something more sinister going on?
Possible uninitialised variable in iostream/SSL stuff
- looks like Netscape 4.X (X > 0) has problems with session cache stuff?
- Appears to have been following:
SSL_CTX_set_options(server_ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
25/03/2002
==========
tjc34 reports:
I don't get any error messages at all - it just appears switched back
on again if you go back and look after switching it off.
Ask her to check: DONE, has been fixed.
Help text macro bugs
- FIXED
Need sanity check on Fcc field in Roles, Compose Fcc.
- DONE
Personal Dictionary:
Back to Options screen
- Fixed (need to append help text)
24/03/2002
==========
Filter bug
- FIXED (missing QMETA).
- Check MSshell stuff: appears to be different.
Glorious memory leak in prayer frontend server (leaks into shared)
SSL session cache: CREATE leaks 12 MBytes, first time only!
- FIXED (close reopen dbenv after create...)
23/03/2002
==========
Added Fcc header + Fcc element to role.
Add Fcc header and case insensitive sort for dirlist
- DONE
22/03/2002
==========
Catch attempts to import invalid abook formats.
Check Ports: Solaris. FreeBSD.
21/03/2002
==========
Core dumps from SSL_write
- SIGPIPE: IGNORE ==> write() will fail.
Windows Netscape <-> SSL problems.
string_url_decode() attachment names
Colourise messages: different quoting levels.
- DONE (4 levels defined in theme)
Line wrap options
- DONE
Clean up abook lookup stuff?
- Not quite as bad as first look
- Actually duplication is simply so that error reporting correct:
reports correct address causing loop. Leave it be!
19/03/2002
==========
Help text:
Replace toolbar with link back to parent screen : DONE
Need common link to explain master toolbar
IE6 downloads all the icons on each page refresh event.
- why? Thought: memory cache disabled on shared workstation?
Redirect screen broken?
Empty email address =>
Redirection Address must be single, simple and fully qualified
email address
tjc34 reports:
I don't get any error messages at all - it just appears switched back
on again if you go back and look after switching it off.
Need theme selection on Prefs screen.
Need some more themes
- Expand list.
14/03/2002
==========
Need ssl_prune routine.
11/03/2002
==========
download <-> back button broken:
switch to download to local disk.
Preserve MIME type on file upload?
- Happens already.
Upper bound on total memory use: DONE
Check for file descriptor/memory leaks
Factor out common code into library
=> easier to replace prayer-session without replacing prayer.
- INSTEAD: separate version numbers for prayer and prayer-session
=> bumping version numbers doesn't change code.
can run diff on Prayer to see if needs changing
Still need separate prayer-session init script!
Rationalise config files:
Make sure everything enabled properly.
07/03/2002
==========
Catch SIGPIPE ==> core dump (+ other signals?)
==> should help us in tracking.
Download bug: (Netscape specific?)
Redisplay --> display screen
Propose: Download should download to local harddisk
Fixed
Some kind of crash bug which does not cause core dumps involving
attachments? Gives no data in document error (probably just a consequence
of crash).
- May be Netscape 4.7 on Windows
- May relate to strange attachment names?
Problem was sendmail/exim considering single '.' on line to be EOF:
dropping connections before attachment sent => EPIPE
(and this rather more common with attachments present because of QP
encoding of text segment).
Attachments:
Some crash problem specific to Mac
Assorted restart bugs?
- believe existing bugs fixed
Crash bug involving attachment upload (lost core dumps? Silly bugger).
- may be related to above?
05/03/2002
==========
SSL certificate cache.
Need some way of sharing state between processes? Have a look at just
what Apache mod_ssl does. Conceivable that we need a multithreaded prayer
frontend process which works a bit like stunnel.
Themes.
- Try white/gray (#FFFFFF, #EEEEEE) mix if nothing else!
- Add to add option.
Jon noticed:
I've just noticed that, when I'm looking at the last message in a folder,
the text toolbar reads (for me at least):
Previous | Previous | Copy | Delete | Mark | Reply | Forward
"Error: Checksum mismatch: manually manually .forward file?
list: limit of 42 messages
quota problems on Send ==> leave on compose screen.
DONE: !!!TEST!!!
Timeout on compose screen should be two hours.
iostream:
Need to protect read/write clause against EINTR better: DONE in prayer
Need alarm() based signal for write path?
Does write() ever block on output?
- timeout in OS?
31/01/2002
==========
Force user name to lower case (possible this should be config option?)
Check whether Apache optimises socket layer.
- Borrowed obvious options, need some side by side comparisons.
Sanity check preferences file to catch malicious users.
29/01/2002
==========
Reply to all doesn't handle To and Cc list properly!
Also stray comma on display...
cmd_reply from zoomed list, then cancel => return to wrong message
- Problem was incorrect range test in cmd_display, now fixed.
Working on correct display for single part msg != TEXTTEXT
25/01/2002
==========
Fixed a number of small bugs:
. Reply to All where To addr contained a Hidden; group bombed because
of strcmp on addr->mailbox && addr->host without validity test
. Core dump if session_idle() after cmd_restart()
. Core dump if browser back button used when session idle
(was failing to call session_check_streams() in time).
21/01/2002
==========
Check MSIE: caching for downloads required?
(As part of put up on plum, then maroon tomorrow)
- Answer, yes it does (dopey program!)
Tested with MSIE: _appears_ to be working fine now...
Fixed up various session_messages and session_logs
- run diffs carefully, then install as 0.9.3!
Folders screens cleaned up:
Fixed width of various fields to stop things wandering around
Added as placeholders where needed.
20/01/2002
==========
Catch /etc and ~/ escape sequences in maildir, sent-mail and postponed-msgs
- Dialogues, preferences and prefs files.
Added session parameter to options_parse and subsidiaries for logging
Record target IMAP machine in User login line (optional), useful for
debugging?
Need to catch delete failures.
- was doing this correctly in 1/2 cases.
prayer.rpt:
Couple of minor markup/comment bugs
Pound signs.
- Missing ';' from '&#xxx;'. Sigh!
MSIE "application/octet-stream" downloads.
- Fixed by looking at what SquirrelMail does
- Short answer is to use Content-Disposition; inline; filename=whatever
- Still unsure whether IE needs caching switched on
Strip leading path from attachment uploads and downloads:
present last part only (whether "/" or "\" characters used).
Clear session->dircache if supress_dotfiles triggered!
Move HTML for welcome page out to welcome_path
- Provided __TIMEOUT__ and __CONTACT__ macros
Report correct message count for mark/aggregate and unmark/aggregate
Fixed supress_dotfiles in master toolbar change dialogue
Use config->login_service_name when generating cmd_abook_xfer screen.
15/01/2002
==========
Clean up release version.
Empty list screen => Still need refresh button
- have simple version!
Change to inbox => select first unread message.
14/01/2002
==========
Test import/export: Need functional accountd.
Record user_interface level in prefs => can transfer back and forth.
- just steal code back from 0.8.6!
13/01/2002
==========
Address Book Take: suggest subscreen off message display.
- DONE
Import/Export Addressbook <-> Hermes .addressbook file.
- DONE: Still need to test this!
Check XXX comments.
- DONE. Small number still to be dealt with.
11/01/2002
==========
Prefs etc no longer saved properly.
- Add save call to start of cmd_list, cmd_display, cmd_compose?
Should be able to reuse existing code.
Possible to factor out common code from various folder list displays?
- Looks like it will involve more work than it saves.
Clean up cmd_list and cmd_compose:
Split out functionality into subsidiary modules.
10/01/2002
==========
Remove user_level stuff. Disable help screens. Check cmd_welcome.
Clean up empty screens.
Rename:
cmd_save --> cmd_copy
cmd_save_msg --> cmd_copy_msg
Clear out redundant icons.
Split html_banner_toolbar into component functions rather than overloading
single function with hacks.
Front page:
Discourage non-SSL logins.
Put text only vs text and icons links dialogue on front page?