Tuesday 2nd October 2018
Local Packages
Updated dovecot (2.3.x):
- Updated dovecot to 2.3.3:
doveconf hides more secrets now in the default output
ssl_dh setting is no longer enforced at startup; if it's not set and non-ECC DH key exchange happens, an error is logged and the client is disconnected
Added log_debug=<filter> setting
Added log_core_filter=<log filter> setting
quota-clone: Write to dict asynchronously
--enable-hardening attempts to use retpoline Spectre 2 mitigations
lmtp proxy: Support source_ip passdb extra field
doveadm stats dump: Support more fields and output stddev by default
push-notification: Add SSL support for OX backend
- NUL bytes in mail headers can cause truncated replies when fetched
director: Conflicting host up/down state changes may in some rare situations ended up in a loop of two directors constantly overwriting each others' changes
director: Fix hang/crash when multiple doveadm commands are being handled concurrently
director: Fix assert-crash if doveadm disconnects too early
virtual plugin: Some searches used 100% CPU for many seconds
dsync assert-crashed with acl plugin in some situations
mail_attachment_detection_options=add-flags-on-save assert-crashed with some specific Sieve scripts
Mail snippet generation crashed with mails containing invalid Content-Type:multipart header
- Log prefix ordering was different for some log lines
quota: With noenforcing option current quota usage wasn't updated
- auth: Kerberos authentication against Samba assert-crashed
- stats clients were unnecessarily chatty with the stats server
imapc: Fixed various assert-crashes when reconnecting to server
- lmtp, submission: Fix potential crash if client disconnects while handling a command
quota: Fixed compiling with glibc-2.26 / support libtirpc
fts-solr: Empty search values resulted in 400 Bad Request errors
fts-solr: default_ns parameter couldn't be used
submission server crashed if relay server returned over 7 lines in a reply (e.g. to EHLO)
Updated pigeonhole to 0.5.3:
Fix assertion panic occurring when managesieve service fails to open INBOX while saving a Sieve script; this was caused by a lack of clean-up after failure
Fix specific messages causing an assert panic with actions that compose a reply (e.g. vacation); with some rather weird input from the original message, the header folding algorithm (as used for composing the References header for the reply) got confused, causing the panic
IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing; after finishing reading the Sieve script, the command parsing sometimes didn't continue with the search arguments - this is a time-critical bug that likely only occurs when the Sieve script is sent in the next TCP frame
- Updated dovecot to 2.3.3: