Friday 16th March 2012
Fedora Project
Updated libssh2 in F-16 to fix failing key re-exchange when write channel is saturated (Bug #804155)
Updated libssh2 in F-17 to fix failing key re-exchange when write channel is saturated (Bug #804156)
I haven't updated Rawhide yet because there's a build problem with openssl 1.0.1 that I'd like to resolve first
Updated mod_fcgid (only in git) to add CVE reference (CVE-2012-1181) to previous update (i.e. the issue was already fixed in January but it wasn't considered a security issue and hence no CVE number)
Local Packages
Updated dovecot (2.0) to update dovecot to 2.0.19:
IMAP: ENABLE CONDSTORE/QRESYNC + STATUS for a mailbox might not have seen latest external changes to it, like new mails
imap_id_* settings were ignored before login
doveadm altmove did too much work sometimes, retrying moves it had already done
mbox: fixed accessing Dovecot v1.x mbox index files without errors
and pigeonhole to 0.2.6:
This release fixes unintentional behaviour of the include extension: included script names with a name like "name.sieve" would implicitly map to a script file called "name.sieve" and not "name.sieve.sieve" (keep in mind that the .sieve file extension has no meaning from within the Sieve language; a Sieve script is always stored with an appended .sieve file extension, even when the name already ends with a .sieve suffix)
Important: Some installations have relied on this unintentional feature, so check your script includes for issues before upgrading
Matched changes regarding auth_verbose setting in Dovecot
Fixed problem in ManageSieve that caused it to omit a WARNINGS response code when the uploaded script compiled with warnings
Made sure that locations of Sieve error never report "line 0"
- Fixed potential segfault occurring when interpreter initialization fails
Updated dovecot to 2.1.2:
Initial implementation of dsync-based replication; for now this should be used only on non-critical systems
proxying: POP3 now supports sending remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension
proxying: proxy_maybe=yes with host=<hostname> (instead of IP) now works properly
proxying: added auth_proxy_self setting
proxying: added proxy_always extra field (see wiki docs)
Added director_username_hash setting to specify what part of the username is hashed; this can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain)
Added a "session ID" string for imap/pop3 connections, available in %{session} variable; the session ID passes through Dovecot IMAP/POP3 proxying to backend server (the same session ID is can be reused after a long time, currently a little under 9 years)
passdb checkpassword: support "credentials lookups" (for non-plaintext auth and for lmtp_proxy lookups)
fts: added fts_index_timeout setting to abort search if indexing hasn't finished by then (default is to wait forever)
doveadm sync: if mailbox was expunged empty, messages may have come back instead of also being expunged in the other side
director: if user logged into two directors while near user expiration, the directors might have redirected the user to two different backends
imap_id_* settings were ignored before login
Several fixes to mailbox_list_index=yes
- Previous v2.1.x didn't log all messages at shutdown
mbox: fixed accessing Dovecot v1.x mbox index files without errors
Updated libssh2 as per the Fedora version
Updated mod_fcgid (only in svn) to add CVE reference (CVE-2012-1181) to previous update (i.e. the issue was already fixed in January but it wasn't considered a security issue and hence no CVE number)
Updated perl-Parse-RecDescent to 1.967009:
Revised ExtUtils::MakeMaker build/configure version requirements (CPAN RT#74787)
Revised Text::Balanced prereq to require version 1.95, necessary for t/skip.t to pass (CPAN RT#74787)
Removed unused version.pm prereq
Fix/work around circular reference memory leaks (CPAN RT#53710)
Parse::RecDescent::AUTOLOAD did not correctly handle initializing the line counting mechanism when a reference to a scalar was passed to the parser (CPAN RT#27705)
Restore old _parserepeat calling convention: change a parser's DESTROY method to check for $self->{_not_precompiled} instead of $self->{_precompiled} (CPAN RT#74593)
Updated perl-Module-ExtractUse to recompile the grammar in order to work with Parse::RecDescent ≥ 1.967009 (CPAN RT#74879)
Updated perl-Symbol-Util to 0.0203:
Compiles cleanly with Perl 5.14: defined(%hash) and defined(@array) are deprecated (CPAN RT#75763)
- Minor changes in POD
Updated perl-Test-Requires to not build-require perl(Test::Perl::Critic) when bootstrapping so as to avoid circular build dependencies
Updated perl-Text-CSV_XS to 0.88:
Fix for $/ in 0.86 broke parsing fields that contain excessive $/'s
Updated perl-XML-LibXML to 1.96:
Add leading minus signs to the commands of install_sax_driver, which makes the make process succeed even if they fail (CPAN RT#75007)
Skip t/49callbacks_returning_undef.t with perl(URI) < 1.35 (http://www.city-fan.org/tips/PaulHowarth/Blog/2011-09-06)