#acl PaulHowarth:read,write,admin,revert,delete All:read === Friday 16th March 2012 === ==== Fedora Project ==== * Updated `libssh2` in F-16 to fix failing key re-exchange when write channel is saturated ([[RedHatBugzilla:804155|Bug #804155]]) * Updated `libssh2` in F-17 to fix failing key re-exchange when write channel is saturated ([[RedHatBugzilla:804156|Bug #804156]]) . I haven't updated Rawhide yet because [[http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml|there's a build problem with openssl 1.0.1]] that I'd like to resolve first * Updated `mod_fcgid` (only in `git`) to add CVE reference ([[CVE:2012-1181|CVE-2012-1181]]) to previous update (i.e. the issue was already fixed in January but it wasn't considered a security issue and hence no CVE number) ==== Local Packages ==== * Updated `dovecot` (2.0) to update `dovecot` to 2.0.19: * `IMAP`: `ENABLE CONDSTORE/QRESYNC + STATUS` for a mailbox might not have seen latest external changes to it, like new mails * `imap_id_*` settings were ignored before login * `doveadm altmove` did too much work sometimes, retrying moves it had already done * `mbox`: fixed accessing Dovecot v1.x `mbox` index files without errors . and `pigeonhole` to 0.2.6: * This release fixes unintentional behaviour of the `include` extension: included script names with a name like "`name.sieve`" would implicitly map to a script file called "`name.sieve`" and not "`name.sieve.sieve`" (keep in mind that the `.sieve` file extension has no meaning from within the `Sieve` language; a `Sieve` script is always stored with an appended `.sieve` file extension, even when the name already ends with a `.sieve` suffix) . '''Important:''' Some installations have relied on this unintentional feature, so check your script includes for issues before upgrading * Matched changes regarding `auth_verbose` setting in Dovecot * Fixed problem in `ManageSieve` that caused it to omit a `WARNINGS` response code when the uploaded script compiled with warnings * Made sure that locations of Sieve error never report "`line 0`" * Fixed potential segfault occurring when interpreter initialization fails * Updated `dovecot` to 2.1.2: * Initial implementation of `dsync`-based replication; for now this should be used only on non-critical systems * proxying: `POP3` now supports sending remote IP+port from proxy to backend server via Dovecot-specific `XCLIENT` extension * proxying: `proxy_maybe=yes` with `host=` (instead of `IP`) now works properly * proxying: added `auth_proxy_self` setting * proxying: added `proxy_always` extra field (see wiki docs) * Added `director_username_hash` setting to specify what part of the username is hashed; this can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain) * Added a "`session ID`" string for `imap`/`pop3` connections, available in `%{session}` variable; the session ID passes through Dovecot `IMAP`/`POP3` proxying to backend server (the same session ID is can be reused after a long time, currently a little under 9 years) * `passdb` `checkpassword`: support "credentials lookups" (for non-plaintext auth and for `lmtp_proxy` lookups) * `fts`: added `fts_index_timeout` setting to abort search if indexing hasn't finished by then (default is to wait forever) * `doveadm sync`: if mailbox was expunged empty, messages may have come back instead of also being expunged in the other side * `director`: if user logged into two directors while near user expiration, the directors might have redirected the user to two different backends * `imap_id_*` settings were ignored before login * Several fixes to `mailbox_list_index=yes` * Previous v2.1.x didn't log all messages at shutdown * `mbox`: fixed accessing Dovecot v1.x `mbox` index files without errors * Updated `libssh2` as per the Fedora version * Updated `mod_fcgid` (only in `svn`) to add CVE reference ([[CVE:2012-1181|CVE-2012-1181]]) to previous update (i.e. the issue was already fixed in January but it wasn't considered a security issue and hence no CVE number) * Updated `perl-Parse-RecDescent` to 1.967009: * Revised `ExtUtils::MakeMaker` build/configure version requirements ([[CPAN:74787|CPAN RT#74787]]) * Revised `Text::Balanced` prereq to require version 1.95, necessary for `t/skip.t` to pass ([[CPAN:74787|CPAN RT#74787]]) * Removed unused `version.pm` prereq * Fix/work around circular reference memory leaks ([[CPAN:53710|CPAN RT#53710]]) * `Parse::RecDescent::AUTOLOAD` did not correctly handle initializing the line counting mechanism when a reference to a scalar was passed to the parser ([[CPAN:27705|CPAN RT#27705]]) * Restore old `_parserepeat` calling convention: change a parser's `DESTROY` method to check for `$self->{_not_precompiled}` instead of `$self->{_precompiled}` ([[CPAN:74593|CPAN RT#74593]]) * Updated `perl-Module-ExtractUse` to recompile the grammar in order to work with `Parse::RecDescent` ≥ 1.967009 ([[CPAN:74879|CPAN RT#74879]]) * Updated `perl-Symbol-Util` to 0.0203: * Compiles cleanly with `Perl` 5.14: `defined(%hash)` and `defined(@array)` are deprecated ([[CPAN:75763|CPAN RT#75763]]) * Minor changes in POD * Updated `perl-Test-Requires` to not build-require `perl(Test::Perl::Critic)` when bootstrapping so as to avoid circular build dependencies * Updated `perl-Text-CSV_XS` to 0.88: * Fix for `$/` in 0.86 broke parsing fields that contain excessive `$/`'s * Updated `perl-XML-LibXML` to 1.96: * Add leading minus signs to the commands of `install_sax_driver`, which makes the `make` process succeed even if they fail ([[CPAN:75007|CPAN RT#75007]]) * Skip `t/49callbacks_returning_undef.t` with `perl(URI)` < 1.35 (http://www.city-fan.org/tips/PaulHowarth/Blog/2011-09-06) ----