Tuesday 5th February 2019
Fedora Project
Petr Pisar kindly reviewed and approved my perl-Regexp-Trie package submission
Imported and built perl-Regexp-Trie (0.02) for F-28, F-29, Rawhide, EPEL-6 and EPEL-7
Local Packages
Updated dovecot to 2.3.4.1:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing
ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field; this may have allowed users with trusted certificate to specify any username in the authentication (this bug didn't affect Dovecot's Submission service)
Updated dovecot (2.2) to 2.2.36.1:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing
ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field; this may have allowed users with trusted certificate to specify any username in the authentication (this bug didn't affect Dovecot's Submission service)
pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT
director: Kicking a user assert-crashes if login process is very slow
lda/lmtp: Fix assert-crash with some Sieve scripts when mail_attachment_detection_options=add-flags-on-save
fs-compress: Using maybe-gz assert-crashed when reading 0 sized file
Snippet generation crashed with invalid Content-Type:multipart
Also updated pigeonhole to 0.4.24.1:
imapsieve: Added imapsieve_expunge_discarded setting, which causes discarded messages to be expunged immediately
Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that modify the message, store the message a second time, rather than replacing the originally stored unmodified message
imapsieve: Fix crash when COPYing mails from a virtual mailbox when the source messages originate from more than a single real mailbox
imap_filter_sieve plugin: Implement the missing UID FILTER command
imap_filter_sieve plugin: Fix FILTER to work with pipelining
Updated perl-Regexp-Trie (0.02) to improve test coverage by running t/01-dict.t (long test) as well as the default tests
Rebuilt libgpg-error (1.33), libidn (1.35), libmetalink (0.1.3), libnet (1.1.6), libxslt (1.1.32), perl-HTML-Tidy (1.60), perl-Moose (2.2011), perl-Mouse (2.5.6) and perl-Perl-Critic (1.132) for the Fedora_30_Mass_Rebuild