Next | Query returned 71 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2022-05-11 11:28:07 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dovecot2-pigeonhole: updated to 0.5.19

This release is done to maintain parity with dovecot 2.3.19 release, so it does \ 
not contain any news-worthy changes.
   2022-02-03 22:02:53 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dovecot2-pigeonhole: updated to 0.5.18

v0.5.18

	- duplicate: Users without a home directory can crash with Sieve when
	  using duplicate database. v2.3.17 regression.
	- imapsieve: When mail was expunged when processing imapsieve events, a
	  crash could occur. Fixes Panic: file mail-index-map.c:
	  line 558 (mail_index_map_lookup_seq_range): assertion failed: (first_uid > 0)
	- managesieve-login: Proxy didn't support forwarding the forward_* passdb fields.
	- redirect: Sieve would crash if redirect after keep-equivalent action failed.
	- sieve: Interpreter crashes when the Sieve index extension is used with
	  index zero.
	- vnd.dovecot.filter: Envelope sender string may become corrupted when
	  Sieve scripts are using vnd.dovecot.filter. This could end up
	  corrupting mbox's From line and return wrong envelope sender string in
	  Sieve tests.
   2021-12-07 17:58:04 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dovecot2-pigeonhole: updated to 0.5.17.1

0.5.17.1:
- managesieve: Dovecot failed to start if ssl_ca was too large.
- lib-sieve-tool: Binaries failed to run if ssl_ca was too large.
   2021-11-02 13:04:39 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dovecot2-pigeonhole: updated to 0.5.17

0.5.17:
- duplicate: The Sieve duplicate test is prone to false negatives when
  the user receives many e-mails concurrently, meaning that duplicate
  deliveries can still occur.
- fileinto: v2.3.16 regression: Sieve delivery crashes if mail is
  delivered to non-existing and existing folder.
- imap-filter-sieve: v2.3.15 regression: The CPU limits on Sieve
  execution are too easily exceeded in IMAP context (the IMAPSieve and
  FILTER=SIEVE capabilities). Changed the default to unlimited CPU time
  for IMAP context, since similar excessive resource usage can be caused
  by other means as well. The CPU limits on Sieve scripts executed at
  LDA/LMTP delivery are still enforced by default.
- redirect:  The Sieve redirect action has protections against users
  triggering mail loops. Unfortunately, the detection of a redirect mail
  loop sometimes causes the message to get lost if no other Sieve action
  is applied that delivers the message somewhere else.
- redirect: v2.3.16 regression: With certain Sieve scripts if redirect
  fails due to temporary failure, the lmtp process may crash after the
  delivery. Fixes:
  Panic: file mail-user.c: line 229 (mail_user_deinit):
  assertion failed: ((*user)->refcount == 1).
   2021-10-26 12:54:34 by Nia Alarie | Files touched by this commit (356)
Log message:
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
   2021-10-07 16:25:52 by Nia Alarie | Files touched by this commit (357)
Log message:
mail: Remove SHA1 hashes for distfiles
   2021-08-08 17:51:18 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 0.5.16. From the changelog:

* .dovecot.sieve.log file now includes year in the header.
* Change Sieve script result execution to delay definitive action
  execution to the end of a successful Sieve script execution session.
  This is part of an effort to solve problems with the Sieve duplicate
  test. As a side-effect, some rare temporary-error cases yield
  different results, in which partial failure is more likely.
   2021-06-21 17:34:59 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.15

Security release.

v0.5.15 2021-06-21  Aki Tuomi <aki.tuomi@open-xchange.com>

* CVE-2020-28200: Sieve interpreter is not protected against abusive
  scripts that claim excessive resource usage. Fixed by limiting the
  user CPU time per single script execution and cumulatively over
  several script runs within a configurable timeout period. Sufficiently
  large CPU time usage is summed in the Sieve script binary and execution
  is blocked when the sum exceeds the limit within that time. The block
  is lifted when the script is updated after the resource usage times out.
* Disconnection log messages are now more standardized across services.
  They also always now start with "Disconnected" prefix.
- managesieve: Commands pipelined together with and just after the
  authenticate command cause these commands to be executed twice.
   2021-03-07 09:28:21 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.14

v0.5.14 2021-03-04  Aki Tuomi <aki.tuomi@open-xchange.com>

	* IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as
	  script name argument.
   2021-01-04 15:58:26 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.13

Update dovecot2-pigeonhole package to 0.5.13.

v0.5.13 2021-01-04  Aki Tuomi <aki.tuomi@open-xchange.com>

	- duplicate: The test was handled badly in a multiscript (sieve_before,
	  sieve_after) scenario in which an earlier script in the sequence with
	  a duplicate test succeeded, while a later script caused a runtime
	  failure. In that case, the message is recorded for duplicate tracking,
	  while the message may not actually have been delivered in the end.
	- editheader: Sieve interpreter entered infinite loop at startup when
	  the "editheader" configuration listed an invalid header name. This
	  problem can only be triggered by the administrator.
	- relational: The Sieve relational extension can cause a segfault at
	  compile time. This is triggered by invalid script syntax. The segfault
	  happens when this match type is the last argument of the test command.
	  This situation is not possible in a valid script; positional arguments
	  are normally present after that, which would prevent the segfault.
	- sieve: For some Sieve commands the provided mailbox name is not
	  properly checked for UTF-8 validity, which can cause assert crashes at
	  runtime when an invalid mailbox name is encountered. This can be
	  caused by the user by writing a bad Sieve script involving the
	  affected commands ("mailboxexists", "specialuse_exists").
	  This can be triggered by the remote sender only when the user has
	  written a Sieve script that passes message content to one of the
	  affected commands.
	- sieve: Large sequences of 8-bit octets passed to certain Sieve
	  commands that create or modify message headers that allow UTF-8 text
	  (vacation, notify and addheader) can cause the delivery or IMAP
	  process (when IMAPSieve is used) to enter a memory-consuming
	  semi-infinite loop that ends when the process exceeds its memory
	  limits. Logged in users can cause these hangs only for their own
	  processes.

Next | Query returned 71 messages, browsing 1 to 10 | Previous