PaulHowarth/Blog/2018-10-02

Tuesday 2nd October 2018

Local Packages

  • Updated dovecot (2.3.x):

    • Updated dovecot to 2.3.3:

      • doveconf hides more secrets now in the default output

      • ssl_dh setting is no longer enforced at startup; if it's not set and non-ECC DH key exchange happens, an error is logged and the client is disconnected

      • Added log_debug=<filter> setting

      • Added log_core_filter=<log filter> setting

      • quota-clone: Write to dict asynchronously

      • --enable-hardening attempts to use retpoline Spectre 2 mitigations

      • lmtp proxy: Support source_ip passdb extra field

      • doveadm stats dump: Support more fields and output stddev by default

      • push-notification: Add SSL support for OX backend

      • NUL bytes in mail headers can cause truncated replies when fetched

      • director: Conflicting host up/down state changes may in some rare situations ended up in a loop of two directors constantly overwriting each others' changes

      • director: Fix hang/crash when multiple doveadm commands are being handled concurrently

      • director: Fix assert-crash if doveadm disconnects too early

      • virtual plugin: Some searches used 100% CPU for many seconds

      • dsync assert-crashed with acl plugin in some situations

      • mail_attachment_detection_options=add-flags-on-save assert-crashed with some specific Sieve scripts

      • Mail snippet generation crashed with mails containing invalid Content-Type:multipart header

      • Log prefix ordering was different for some log lines

      • quota: With noenforcing option current quota usage wasn't updated

      • auth: Kerberos authentication against Samba assert-crashed
      • stats clients were unnecessarily chatty with the stats server

      • imapc: Fixed various assert-crashes when reconnecting to server

      • lmtp, submission: Fix potential crash if client disconnects while handling a command

      • quota: Fixed compiling with glibc-2.26 / support libtirpc

      • fts-solr: Empty search values resulted in 400 Bad Request errors

      • fts-solr: default_ns parameter couldn't be used

      • submission server crashed if relay server returned over 7 lines in a reply (e.g. to EHLO)

    • Updated pigeonhole to 0.5.3:

      • Fix assertion panic occurring when managesieve service fails to open INBOX while saving a Sieve script; this was caused by a lack of clean-up after failure

      • Fix specific messages causing an assert panic with actions that compose a reply (e.g. vacation); with some rather weird input from the original message, the header folding algorithm (as used for composing the References header for the reply) got confused, causing the panic

      • IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing; after finishing reading the Sieve script, the command parsing sometimes didn't continue with the search arguments - this is a time-critical bug that likely only occurs when the Sieve script is sent in the next TCP frame

Recent