#acl PaulHowarth:read,write,admin,revert,delete All:read === Tuesday 2nd October 2018 === ==== Local Packages ==== * Updated `dovecot` (2.3.x): * Updated dovecot to 2.3.3: * `doveconf` hides more secrets now in the default output * `ssl_dh` setting is no longer enforced at startup; if it's not set and non-ECC DH key exchange happens, an error is logged and the client is disconnected * Added `log_debug=` setting * Added `log_core_filter=` setting * `quota-clone`: Write to dict asynchronously * `--enable-hardening` attempts to use retpoline Spectre 2 mitigations * lmtp proxy: Support `source_ip passdb` extra field * `doveadm` stats dump: Support more fields and output `stddev` by default * `push-notification`: Add SSL support for OX backend * NUL bytes in mail headers can cause truncated replies when fetched * `director`: Conflicting host up/down state changes may in some rare situations ended up in a loop of two directors constantly overwriting each others' changes * `director`: Fix hang/crash when multiple `doveadm` commands are being handled concurrently * `director`: Fix assert-crash if `doveadm` disconnects too early * `virtual` plugin: Some searches used 100% CPU for many seconds * `dsync` assert-crashed with `acl` plugin in some situations * `mail_attachment_detection_options=add-flags-on-save` assert-crashed with some specific Sieve scripts * Mail snippet generation crashed with mails containing invalid `Content-Type:multipart` header * Log prefix ordering was different for some log lines * `quota`: With `noenforcing` option current quota usage wasn't updated * auth: Kerberos authentication against Samba assert-crashed * stats clients were unnecessarily chatty with the stats server * `imapc`: Fixed various assert-crashes when reconnecting to server * lmtp, submission: Fix potential crash if client disconnects while handling a command * `quota`: Fixed compiling with `glibc`-2.26 / support `libtirpc` * fts-solr: Empty search values resulted in `400 Bad Request` errors * fts-solr: `default_ns` parameter couldn't be used * submission server crashed if relay server returned over 7 lines in a reply (e.g. to `EHLO`) * Updated `pigeonhole` to 0.5.3: * Fix assertion panic occurring when `managesieve` service fails to open INBOX while saving a Sieve script; this was caused by a lack of clean-up after failure * Fix specific messages causing an assert panic with actions that compose a reply (e.g. `vacation`); with some rather weird input from the original message, the header folding algorithm (as used for composing the `References` header for the reply) got confused, causing the panic * `IMAP FILTER=SIEVE` capability: Fix `FILTER SIEVE SCRIPT` command parsing; after finishing reading the Sieve script, the command parsing sometimes didn't continue with the search arguments - this is a time-critical bug that likely only occurs when the Sieve script is sent in the next TCP frame ----