There was no release for luakit in the last 5 years, so I suggest to
remove it. Also because there are alternatives for vi-like browsers.
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
From the Changelog:
The keys used are:
!: modified feature, -: deleted feature, +: new feature
1.8.0 (2017-02-24):
- $locale has been removed. Mutt now respects the LC_TIME setting
instead. See also $attribution_locale.
+ $attribution_locale can be used to override the date formatting in
attribution strings. When unset, Mutt will use the locale
environment, but note the default value of $date_format has a
leading '!' which says to use the C-locale.
! Message-id and mail-followup-to headers are now preserved for recalled
messages.
+ <unsidebar_whitelist> added to complement <sidebar_whitelist>.
! The pager position is reset to the top when toggling header-weed.
! IMAP messages moved to $trash via server-side copy are marked as read.
+ <root-message> jumps to the root message of a thread.
! Piped text attachments are charset converted.
+ Added %F to $attach_format, to show the content-disposition filename.
%d will fall back to %F which will fall back to %f.
+ <rename-attachment> allows an attachment name to be changed, without
modifying the underlying file's name.
! Mutt will look for the user's muttrc additionally in
$XDG_CONFIG_HOME/mutt/.
+ Compressed mbox and mmdf files are now supported via open-hook,
close-hook, and append-hook. See contrib/sample.muttrc-compress
for suggested settings. Note this is a compile-time option:
--enable-compressed.
+ When $flag_safe is set, flagged messages cannot be deleted.
+ The '@' pattern modifier can be used to limit matches to known aliases.
+ <mark-message> creates a hotkey binding to a specific message. The hotkey
prefix is specified via $mark_macro_prefix.
+ <setenv> and <unsetenv> can be used to add/remove environment variables
passed to children.
! Mutt will now use the built-in OpenSSL SSL_set_verify() callback
to verify certificates. This allows better support for verifying
chains, including alternative chain support.
+ $uncollapse_new controls whether a thread will be uncollapsed when a new
message arrives.
! $to_chars and $status_chars now accept multibyte characters.
+ <subjectrx> allows replacing matching subjects with something else.
This can be used to declutter subject lines in the index.
+ <edit-label> can be used to add, change, or delete a message's X-Label.
! Pattern expressions with ~y support label tab completion.
+ The header cache now also supports Kyoto Cabinet and LMDB as
backend databases.
Fixes:
* CVE-2017-2615
* CVE-2017-5667
* CVE-2017-5898
* CVE-2017-5931
* CVE-2017-5973
We are vulnerable to even more CVEs but those are either not severe like
memory leaks in obscure situations or upstream hasn't acknowledged the
patch yet.
cc #23072
XSA-197 Issue Description:
> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities. Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.
More: https://xenbits.xen.org/xsa/advisory-197.html
XSA-199 Issue Description:
> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table. The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring. The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses. However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest. If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.
More: https://xenbits.xen.org/xsa/advisory-199.html
XSA-207 Issue Description:
> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment. On ARM and
> AMD V-i hardware this setup includes memory allocation. On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.
More: https://xenbits.xen.org/xsa/advisory-207.html
XSA-209 Issue Description:
> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.
More: https://xenbits.xen.org/xsa/advisory-208.html
XSA-208 Issue Description:
> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.
More: https://xenbits.xen.org/xsa/advisory-209.html