An update that solves one vulnerability and has one errata
is now available.
Description:
This update for claws-mail fixes the following issues:
- Additional cleanup of the template handling
claws-mail was updated to 3.17.8 (boo#1177967)
* Shielded template's |program{} and |attach_program{} so that the
command-line that is executed does not allow sequencing such as with
&& || ;, preventing possible execution of nasty, or at least
unexpected, commands
* bug fixes: claws#4376
* updated English, French, and Spanish manuals
-
Update to 3.17.7
- Image Viewer: Image attachments, when displayed, are now resized to
fit the available width rather than the available height.
- -d is now an alias to --debug.
- Libravatar plugin: New styles supported: Robohash and Pagan.
- SpamAssassin plugin: The βMaximum sizeβ option now matches
SpamAssassinβs maximum; it can now handle messages up to 256MB.
- LiteHTML viewer plugin: The UI is now translatable. Bug fixes:
- bug 4313, βRecursion stack overflow with rebuilding folder treeβ
- bug 4372, β[pl_PL] Crash after βSend laterβ without recipient and then
βCloseββ
- bug 4373, βattach mailto URI double freeβ
- bug 4374, βinsert mailto URI misses checksβ
- bug 4384, βU+00AD (soft hyphen) changed to space in Subjectβ
- bug 4386, βAllow Sieve config without userid without warningβ
- Add missing SSL settings when cloning accounts.
- Parsing of command-line arguments.
- PGP Core plugin: fix segv in address completion with a keyring.
- Libravatar plugin: fixes to image display.
-
Disable python-gtk plugin on suse_version > 1500: still relying
on python2, which is EOL.
-
Update to 3.17.6:
- It is now possible to βInherit Folder properties and processing rules
from parent folderβ when creating new folders with the move message
and copy message dialogues.
- A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
- The progress window when importing an mbox file is now more responsive.
- A warning dialogue is shown if the selected privacy system is βNoneβ
and automatic signing amd/or encrypting is enabled.
- Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on newer
systems which have both python2 and python3. Bug fixes:
- bug 3922, βminimize to tray on startup not workingβ
- bug 4220, βgenerates files in cache without contentβ
- bug 4325, βFollowing redirects when retrieving imageβ
- bug 4342, βImport mbox file command doesnβt work twice on a rowβ
- fix STARTTLS protocol violation
- fix initial debug line
- fix fat-fingered crash when v (hiding msgview) is pressed just before
c (check signature)
- fix non-translation of some Templates strings
-
Update to 3.17.5
- Inline Git patches now have colour syntax highlighting The colours of
these, and patch attachments, are configurable on the βOtherβ tab of
the Display/Colors page of the general preferences.
- The previously hidden preference, βsummary_from_showβ, is now
configurable within the UI, on the βMessage Listβ tab of the
Display/Summaries page of the general preferences, βDisplayed in From
column [ ]β.
- βRe-editβ has been added to the message context menu when in the
Drafts folder.
- Additional Date header formats are supported:
- weekday, month, day, hh, mm, ss, year, zone
- weekday, month, day, hh, mm, ss, year
- LiteHtml viewer plugin: scrolling with the keyboard has been
implemented.
- The included tools/scripts have been updated:
- Updated manuals
- Updated translations: British English, Catalan, Czech, Danish, Dutch,
French, German, Russian, Slovak, Spanish, Swedish, Traditional
Chinese, Turkish
- bug fixes: claws#2131, claws#4237, claws#4239, claws#4248, claws#4253,
claws#4257, claws#4277, claws#4278, claws#4305
- Misc bugs fixed:
- Fix crash in litehtml_viewer when tag has no href
- removed βThe following file has been attachedβ¦β dialogue
- MBOX import: give a better estimation of the time left and grey out
widgets while importing
- Fixed βvcard.c:238:2: warning: βstrncpyβ output truncate before
terminating nul copying as many bytes from a string as its lengthβ
- RSSyl: Fix handling deleted feed items where modified and published
dates do not match
- fix bolding of target folder
- when creating a new account, donβt pre-fill data from the default
account
- respect βdefault selectionβ settings when moving a msg with manual
filtering
- Fix printing of empty pages when the selected part is rendered with
a plugin not implementing print
- Addressbook folder selection dialogs: make sure folder list is
sorted and apply global prefs to get stripes in lists.
- when user cancels the GPG signing passphrase dialogue, donβt bother
the user with an βerrorβ dialogue
- Fix imap keyword search. Libetpan assumes keyword search is a MUST
but RFC states it is a MAY. Fix advanced search on MS Exchange
- fix SHIFT+SPACE in msg list, moving in reverse
- revert pasting images as attachments
- Fix help about command-line arguments that require a parameter.
- Printing: only print as plain text if the part is of type text
- fix a segfault with default info icon when trying to print a
non-text part.
-
Add a test on build-time libetpan version to require the proper version
at run-time (boo#1157594)
-
Move βMark all read/unreadβ menu entries where they belong.
remove-MarkAll-from-message-menu.patch (claws#4278)
add-MarkAll-to-folder-menu.patch (claws#4278)
-
Make litehtml plugin build on Tumbleweed.
-
Update to 3.17.4:
- New HTML viewer plugin: Litehtml viewer
- Added option βEnable keyboard shortcutsβ to the βKeyboard shortcutsβ
frame on /Configuration/Preferences/Other/Miscellaneous
- Compose: implemented copying of attached images to clipboard
- Compose: images and text/uri-list (files) can now be attached by
pasting into the Compose window
- Python plugin: window sizes are now remembered for the Python console,
the βOpen URLsβ and the βSet mailbox orderβ windows.
- Fancy plugin: the download-link feature now follows redirections
- MBOX export: the Enter key in the dialogue now starts the export
- The date (ISO format) has been added to log timestamps
- Update translations
- bug 1920, βNo automatic NNTP filteringβ
- bug 2045, βaddress book blocks focus on email windowβ
- bug 2131, βFocus stealing after mail checkβ
- bug 2627, βFiltering does not work on NNTPβ
- bug 3070, βmisbehaving text wrapping when URL chars are presentβ
- bug 3838, βCanceled right-click on message list leaves UI in
inconsistent stateβ
- bug 3977, βFix crashes when some external APIs failβ
- bug 3979, βHang (with killing needed) during action which extracts
attachmentsβ
- bug 4029, βsegfault after deleting message in a windowβ
- bug 4031, βfingerprint in SSL/TLS certificates for β¦ (regress
error)β
- bug 4037, βFix some small issuesβ
- bug 4142, βTranslation error on Russianβ
- bug 4145, βproxy server for sending doesnβt workβ
- bug 4155, βremember directory of last savingβ
- bug 4166, βcorrupted double-linked listβ
- bug 4167, βMax line length exceeded when forwarding mailβ
- bug 4188, βSTL file is sent not as an attachment but as its base64
representation in plaintextβ
- CID 1442278, βimpossible to trigger buffer overflowβ
- Make key accelerators from menu work in addressbook window
- save checkbox choices of display/summaries/defaults prefs
- Do not throw an error when cancelling βSave email asβ¦β.
- occasional crash on dragβnβdrop of msgs
- possible stack overflow in vcalendarβs Curl data handler
- crash when LDAP address source is defined in index, but
- support is disabled
- crash in Fancy plugin if one of the MIME parts has no
- -ID
- a few small memory leaks in scan_mailto_url()
- configure script for rare cases where python is not installed
- incorrect charset conversion in sc_html_read_line().
- markup in βkey not fully trustedβ warning in pgpcore
- use after free in rare code path in rssyl_subscribe()
- several memory leaks
- verify_folderlist_xml() for fresh starts
- printf formats for size_t and goffset arguments.
- alertpanel API use in win32 part of mimeview.c
- pid handling in debug output of kill_children_cb()
- incorrect pointer arithmetic in w32_filesel.c
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or βzypper patchβ.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1822=1
-
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1822=1
-
openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-1822=1
-
openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-1822=1