M
Mikel Lindsaar
[ANN] TMail 1.2.3 - Security Update - 11 Apr 2008
IMPORTANT NOTE:
-------------------
This is a recommended upgrade for all TMail users of TMail version
1.0.0 or above (which includes all Rails 2.x users - see below)
Information:
-------------------
TMail is an e-mail handling library for Ruby!
TMail is the Ruby Mail handler used in the Ruby on Rails and Nitro web
frame works as well as many others (including,
the Ruby Talk mail gateway).
TMail is a gem. You can install it on any platform via:
# gem install tmail
Alternatively you can download the source code or view extra
documentation at the website:
http://tmail.rubyforge.org/
Release Summary:
------------------
This update handles a potential DOS vulnerability on any host using
TMail to handle incomming email; a crafted email with
carefully positioned whitespace can cause the TMail library to go into
an endless loop causing denial of service attack on
email services.
Ruby on Rails and Nitro users need to just do a "gem update tmail" to
get this security patch applied to their web framework.
All other users of course, just need to "gem update tmail" as well.
New release handles five tickets in the TMail tracker as well as more
documentation and more work on the moving target of Ruby 1.9's
character set Encoding/Decoding functionality.
Additionally added 7 more test cases to the library to handle the above tickets.
This should be a drop in replacement for existing TMail installations
- unless you are using TMail on Ruby 1.9, in which
case, you _might_ run into encoding problems if you are on Ruby 1.9.1,
Ruby 1.9 still works (pre January 2008 release), YMMV, any feedback on
TMail on Ruby 1.9.1 with patches is really welcome!
Release Update Details:
-------------------------
* Closed #18881 - TMail goes into an endless loop if sent an crafted
email which puts a whitespace character at position 78 of the line
to be wrapped.
* Closed #19203 - TMail errors in Ruby 1.9.1 on invalid multibyte chars.
* Closed #18814 - Fixed attchment.rb failing on mail part that had a
nil content-type - now assumes text/plain as the missing content type
and preserves the mail structure.
* Closed #18516 - Fixed TMail::Mail#preamble, and added #preamble=,
this allows you now to set and read the preamble text of an email
(the plain text that appears before any MIME encoded attachments that
you can read in any email client) (Charles Lowe)
* Closed #18515 - Removed ftools from test case to clean it up (Charles Lowe)
Bug Reports / Fixes:
----------------------
As always, we really welcome any bug reports or code for patches you
have created. Please submit anything you find through
our RubyForge tracker project which you can get to from our website:
http://tmail.rubyforge.org/
We hope you enjoy this release!
The TMail Team.
Changes:
=== 1.2.2 / 2008-03-07
* Fixed install bug with gem pacakge (1.2.1 was not compiling on gem install)
* A _LOT_ more documentation...!
* More documentation - (Mikel)
* Applied Ruby 1.9 patches to the library - All tests passing now - (Mikel)
* Closed #17719 - Fixed UNIXMbox code - readonly was not working and
raising an exception. Now works.
* Closed #18038 - Multiple froms not being parsed correctly, added a
test case to cover this and show the correct handling - (Mikel)
=== 1.2.1 / 2008-01-11
* More documentation (Mikel)
* Added 15 test cases from the Rails ActionMailer to TMail
* Changed mailscanner to tmailscanner (mailscanner is copyrighted)
* Closed Bug - Handled quote boundary being gready on content-type
header (M. Mondragon)
* Closed #16025 - Fixed scanner.rb so it passes same tests as scanner.c
* Closed #16283 - Handled incorrect decoding of attachments (M. Aoki - garyo)
* Closed #16899 - HeaderField.new_from_port and added test cases to
cover this code (Maarten O.)
* Closed #16900 - UNIXMbox.fromaddr missing port param and does not
return Envelope Sender (Maarten O.)
=== 1.2.0 / 2007-11-29
* 5 major enhancements:
* Extensive documentation work. (mikel)
* Renamed scanner_c.c to mailscanner.c. (trans)
* Removed base64 c extension. It's speed benefit was negligable
(only 0.2 sec over 10000 sizable encode/decode runs) (trans)
* Closed 15445 - TMail::Mail#create_forward now returns a new Mail
object that has the original mail as an encoded 7 bit multipart
attachment. Also moved create_forward and create_reply from tmail/net
into tmail/interface as it makes more sense to have it there. (mikel)
* Closed 15643 - TMail::Mail#reply_addresses was returning an empty
array if reply_to was set to nil (ie, the header field existed but was
empty) instead of returning the from address or default. (mikel)
* Closed 16025 - TMail scanner.rb would not parse ATOM chars
correctly making it fail tests where the C version passed them. Fixed
this by updating the Scanner.rb version to be in step with the C
version (there was an extra @ symbol in the ATOM CHARS definition that
was not in the C version.) (mikel)
* Fixed scanner.rb so that it would pass the same tests that the C
version does - had a sundry @ symbol inside of the ATOM CHARS
* 3 minor enhancements:
* Renamed scanner_c.c to tmailscanner.c (trans)
* Changed TMail::Mail#sender to have a default "default" value of
nil to be in alignment with all the other interface methods (mikel)
* Made base64_decode and base64_encode into ! versions as they are
destructive on the mail body (encodes the body to base64 or decodes
it), made aliases for base64_decode and base64_encode to point back to
the bang versions. Doing this with a view to change base64_encode to
a non destructive version (returns the encoded body) in future
versions. (mikel)
=== 1.1.1 / 2007-11-05
* 3 major enhancement:
* Created unified package, for installation in any platform.
* Added require_arch.rb to facilitate multi-platform support.
* If compilation fails, set NORUBYEXT="true" and reinstall.
* 3 minor enhancement:
* Fixed line wrapping of long header fields so that they wrap at the
correct whitespace points.
* Fixed bug where re-assigning the mail.body to existing mail object
that already had a parsed body would not re-parse the body.
* Started documenting the source code... lots more to do.
=== 1.1.0 / 2007-10-28
* 1 minor enhancements:
* Changed the quoting of paramaters in the header fields to wrap
double quotes around fields that are needed to be quoted.
* Removed keeping double quotes around a filename that does not need
double quotes per RFC 1521
* More clean up and getting tests passing. Now standing at 2
failures out of 3366 assertions. One is the incorrect handling of
"@"@test.com (returns @@test.com) and the other is a japanese encoding
issue.
=== 1.0.0 / 2007-10-28
* 1 major enhancement:
* TMail is now released as a GEM!
* 2 minor enhancements:
* Fixed bug 15077 - TMail now recognizes attachments as soon as they
are added to the body.
* Refactored handling of quotations in header fields - now cleaner
IMPORTANT NOTE:
-------------------
This is a recommended upgrade for all TMail users of TMail version
1.0.0 or above (which includes all Rails 2.x users - see below)
Information:
-------------------
TMail is an e-mail handling library for Ruby!
TMail is the Ruby Mail handler used in the Ruby on Rails and Nitro web
frame works as well as many others (including,
the Ruby Talk mail gateway).
TMail is a gem. You can install it on any platform via:
# gem install tmail
Alternatively you can download the source code or view extra
documentation at the website:
http://tmail.rubyforge.org/
Release Summary:
------------------
This update handles a potential DOS vulnerability on any host using
TMail to handle incomming email; a crafted email with
carefully positioned whitespace can cause the TMail library to go into
an endless loop causing denial of service attack on
email services.
Ruby on Rails and Nitro users need to just do a "gem update tmail" to
get this security patch applied to their web framework.
All other users of course, just need to "gem update tmail" as well.
New release handles five tickets in the TMail tracker as well as more
documentation and more work on the moving target of Ruby 1.9's
character set Encoding/Decoding functionality.
Additionally added 7 more test cases to the library to handle the above tickets.
This should be a drop in replacement for existing TMail installations
- unless you are using TMail on Ruby 1.9, in which
case, you _might_ run into encoding problems if you are on Ruby 1.9.1,
Ruby 1.9 still works (pre January 2008 release), YMMV, any feedback on
TMail on Ruby 1.9.1 with patches is really welcome!
Release Update Details:
-------------------------
* Closed #18881 - TMail goes into an endless loop if sent an crafted
email which puts a whitespace character at position 78 of the line
to be wrapped.
* Closed #19203 - TMail errors in Ruby 1.9.1 on invalid multibyte chars.
* Closed #18814 - Fixed attchment.rb failing on mail part that had a
nil content-type - now assumes text/plain as the missing content type
and preserves the mail structure.
* Closed #18516 - Fixed TMail::Mail#preamble, and added #preamble=,
this allows you now to set and read the preamble text of an email
(the plain text that appears before any MIME encoded attachments that
you can read in any email client) (Charles Lowe)
* Closed #18515 - Removed ftools from test case to clean it up (Charles Lowe)
Bug Reports / Fixes:
----------------------
As always, we really welcome any bug reports or code for patches you
have created. Please submit anything you find through
our RubyForge tracker project which you can get to from our website:
http://tmail.rubyforge.org/
We hope you enjoy this release!
The TMail Team.
Changes:
=== 1.2.2 / 2008-03-07
* Fixed install bug with gem pacakge (1.2.1 was not compiling on gem install)
* A _LOT_ more documentation...!
* More documentation - (Mikel)
* Applied Ruby 1.9 patches to the library - All tests passing now - (Mikel)
* Closed #17719 - Fixed UNIXMbox code - readonly was not working and
raising an exception. Now works.
* Closed #18038 - Multiple froms not being parsed correctly, added a
test case to cover this and show the correct handling - (Mikel)
=== 1.2.1 / 2008-01-11
* More documentation (Mikel)
* Added 15 test cases from the Rails ActionMailer to TMail
* Changed mailscanner to tmailscanner (mailscanner is copyrighted)
* Closed Bug - Handled quote boundary being gready on content-type
header (M. Mondragon)
* Closed #16025 - Fixed scanner.rb so it passes same tests as scanner.c
* Closed #16283 - Handled incorrect decoding of attachments (M. Aoki - garyo)
* Closed #16899 - HeaderField.new_from_port and added test cases to
cover this code (Maarten O.)
* Closed #16900 - UNIXMbox.fromaddr missing port param and does not
return Envelope Sender (Maarten O.)
=== 1.2.0 / 2007-11-29
* 5 major enhancements:
* Extensive documentation work. (mikel)
* Renamed scanner_c.c to mailscanner.c. (trans)
* Removed base64 c extension. It's speed benefit was negligable
(only 0.2 sec over 10000 sizable encode/decode runs) (trans)
* Closed 15445 - TMail::Mail#create_forward now returns a new Mail
object that has the original mail as an encoded 7 bit multipart
attachment. Also moved create_forward and create_reply from tmail/net
into tmail/interface as it makes more sense to have it there. (mikel)
* Closed 15643 - TMail::Mail#reply_addresses was returning an empty
array if reply_to was set to nil (ie, the header field existed but was
empty) instead of returning the from address or default. (mikel)
* Closed 16025 - TMail scanner.rb would not parse ATOM chars
correctly making it fail tests where the C version passed them. Fixed
this by updating the Scanner.rb version to be in step with the C
version (there was an extra @ symbol in the ATOM CHARS definition that
was not in the C version.) (mikel)
* Fixed scanner.rb so that it would pass the same tests that the C
version does - had a sundry @ symbol inside of the ATOM CHARS
* 3 minor enhancements:
* Renamed scanner_c.c to tmailscanner.c (trans)
* Changed TMail::Mail#sender to have a default "default" value of
nil to be in alignment with all the other interface methods (mikel)
* Made base64_decode and base64_encode into ! versions as they are
destructive on the mail body (encodes the body to base64 or decodes
it), made aliases for base64_decode and base64_encode to point back to
the bang versions. Doing this with a view to change base64_encode to
a non destructive version (returns the encoded body) in future
versions. (mikel)
=== 1.1.1 / 2007-11-05
* 3 major enhancement:
* Created unified package, for installation in any platform.
* Added require_arch.rb to facilitate multi-platform support.
* If compilation fails, set NORUBYEXT="true" and reinstall.
* 3 minor enhancement:
* Fixed line wrapping of long header fields so that they wrap at the
correct whitespace points.
* Fixed bug where re-assigning the mail.body to existing mail object
that already had a parsed body would not re-parse the body.
* Started documenting the source code... lots more to do.
=== 1.1.0 / 2007-10-28
* 1 minor enhancements:
* Changed the quoting of paramaters in the header fields to wrap
double quotes around fields that are needed to be quoted.
* Removed keeping double quotes around a filename that does not need
double quotes per RFC 1521
* More clean up and getting tests passing. Now standing at 2
failures out of 3366 assertions. One is the incorrect handling of
"@"@test.com (returns @@test.com) and the other is a japanese encoding
issue.
=== 1.0.0 / 2007-10-28
* 1 major enhancement:
* TMail is now released as a GEM!
* 2 minor enhancements:
* Fixed bug 15077 - TMail now recognizes attachments as soon as they
are added to the body.
* Refactored handling of quotations in header fields - now cleaner