Navigation:
Browse pkgsrc
(this page) 2021-06-21 17:34:59 by Takahiro Kambe | Files touched by this commit (2) |  |
Log message: mail/dovecot2-pigeonhole: update to 0.5.15 Security release. v0.5.15 2021-06-21 Aki Tuomi <aki.tuomi@open-xchange.com> * CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. * Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix. - managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. |
| 2021-03-07 09:28:21 by Takahiro Kambe | Files touched by this commit (2) | |
Log message: mail/dovecot2-pigeonhole: update to 0.5.14 v0.5.14 2021-03-04 Aki Tuomi <aki.tuomi@open-xchange.com> * IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as script name argument. |
| 2021-01-04 15:58:26 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
mail/dovecot2-pigeonhole: update to 0.5.13
Update dovecot2-pigeonhole package to 0.5.13.
v0.5.13 2021-01-04 Aki Tuomi <aki.tuomi@open-xchange.com>
- duplicate: The test was handled badly in a multiscript (sieve_before,
sieve_after) scenario in which an earlier script in the sequence with
a duplicate test succeeded, while a later script caused a runtime
failure. In that case, the message is recorded for duplicate tracking,
while the message may not actually have been delivered in the end.
- editheader: Sieve interpreter entered infinite loop at startup when
the "editheader" configuration listed an invalid header name. This
problem can only be triggered by the administrator.
- relational: The Sieve relational extension can cause a segfault at
compile time. This is triggered by invalid script syntax. The segfault
happens when this match type is the last argument of the test command.
This situation is not possible in a valid script; positional arguments
are normally present after that, which would prevent the segfault.
- sieve: For some Sieve commands the provided mailbox name is not
properly checked for UTF-8 validity, which can cause assert crashes at
runtime when an invalid mailbox name is encountered. This can be
caused by the user by writing a bad Sieve script involving the
affected commands ("mailboxexists", "specialuse_exists").
This can be triggered by the remote sender only when the user has
written a Sieve script that passes message content to one of the
affected commands.
- sieve: Large sequences of 8-bit octets passed to certain Sieve
commands that create or modify message headers that allow UTF-8 text
(vacation, notify and addheader) can cause the delivery or IMAP
process (when IMAPSieve is used) to enter a memory-consuming
semi-infinite loop that ends when the process exceeds its memory
limits. Logged in users can cause these hangs only for their own
processes.
|
| 2020-12-04 05:56:20 by Taylor R Campbell | Files touched by this commit (391) |
Log message: Revbump for openpam cppflags change months ago, belatedly. |
| 2020-08-13 17:28:45 by Takahiro Kambe | Files touched by this commit (2) |
Log message: mail/dovecot2-pigeonhole: distfile changes Distfile changes. 1. Official annoucne says "The only change here is that the configure.ac file has correctly formatted version number." 2. Name of distfile is changed to match previous file naming scheme. Old distfile is still available. 3. automake 1.15.1 is used instead of previous 1.15. So, generated files by it are changed. 4. Other files are not changed, so there is no functional change. Bump PKGREVISION. |
| 2020-08-12 17:58:02 by Takahiro Kambe | Files touched by this commit (2) | |
Log message: mail/dovecot2-pigeonhole: update to 0.5.11 Update dovecot2-pigeonhole to 0.5.11. v0.5.11 2020-08-12 Aki Tuomi <aki.tuomi@open-xchange.com> * managesieve: managesieve_max_line_length setting is now a "size" type instead of just number of bytes. This allows using e.g. "64k" as the value. - lib-sieve: When folding white space is used in the Message-ID header, it is not stripped away correctly before the message ID value is used, causing e.g. garbled log lines at delivery. |
| 2020-03-15 23:52:46 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: dovecot2-pigeonhole: updated to 0.5.10 v0.5.10: No changes |
| 2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836) |
Log message: *: Recursive revision bump for openssl 1.1.1. |
| 2019-12-05 10:37:35 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: dovecot-pigeonhole: updated to 0.5.9 v0.5.9: + Added events for Sieve and ManageSieve, see https://doc.dovecot.org/admin_manual/list_of_events/#pigeonhole + Pigeonhole: Implement the Sieve "special-use" extension described in RFC 8579. - duplicate: Test only compared the handles which would cause different values to be cached as the same duplicate test. Fix to also compare the actual hashes. - imap_sieve_filter: IMAP FILTER Command had various bugs in error handling. Errors may have been duplicated for each email, errors may have been missing entirely, command tag and ERRORS/WARNINGS parameters were swapped. |
| 2019-10-22 15:26:19 by Takahiro Kambe | Files touched by this commit (2) | |
Log message: mail/dovecot2-pigeonhole: update to 0.5.8 Update dovecot2-pigeonhole to 0.5.8. 0.5.8 2019-10-08 Changes - Sieve may leak resources in rare cases when a redirect, vacation or report action fails to send the message. This mainly applies when Sieve is executed in IMAP context; i.e., for the IMAPSIEVE or FILTER=SIEVE capabilities. |
New packages: