Mailpile is an e-mail client, a search engine and a personal webmail
server. Mailpile is an easy way to encrypt your e-mail. Mailpile is
software you run yourself, on your own computer.
Mailpile is an effort to reclaim private communication on the
Internet. A project to rescue our personal lives from the proprietary
cloud and prevent our conversations from being strip-mined for
corporate profit and government surveillance. Mailpile is taking
e-mail back.
Advices and help from landry@ jca@
ok landry@ jca@
for the relevant PHP versions.
ports which are 5.6-only remain in pecl-foo port directories, set to only
build 5.6 packages
ports which have separate versions for 5.6 and 7.0 are split; the port
directories are named pecl56-foo for the 5.6-compatible version and
pecl-foo for the 7+-version
normal ports are in pecl-foo port directories with flavours for 5.6 and 7.0
switch build configuration from a modified static copy of a file from
exim distribution in files/ to copying and patching the actual file from
the distribution, this was badly out of sync with upstream. done by me
based on Renaud's partial update.
Add patch from iupstream to use gpgme instead kde-applications/gpgmepp which is
dead upstream and merge in gpgme-qt.
Tested by maintainer and me, also tested in a bulk by landry@.
"In Roundcube from versions 1.2.0 to 1.3.5, with the archive
plugin enabled and configured, it's possible to exploit the
unsanitized, user-controlled "_uid" parameter (in an archive.php
_task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform
an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a
sequence. NOTE: this is less easily exploitable in 1.3.4 and later
because of a Same Origin Policy protection mechanism."
https://github.com/roundcube/roundcubemail/releases/tag/1.3.6
convert ssl_protocols strings to min/max values. Patch to neuter the autoconf
check because this code doesn't work correctly (in particular it doesn't
handle strings with !SSLv2) and fallback to the old working code instead.
No reply to https://www.dovecot.org/pipermail/dovecot/2018-March/111260.html
but the code is different in Dovecot master/2.3 (it looks like they did it
this way in 2.2 so they could use the 1.1-api functions without config
changes, but it backfired).
ok Brad
