#acl PaulHowarth:read,write,admin,revert,delete All:read === Tuesday 5th February 2019 === ==== Fedora Project ==== * Petr Pisar kindly reviewed and approved [[RedHatBugzilla:1672274|my perl-Regexp-Trie package submission]] * Imported and built `perl-Regexp-Trie` (0.02) for F-28, F-29, Rawhide, EPEL-6 and EPEL-7 ==== Local Packages ==== * Updated `dovecot` to 2.3.4.1: * [[CVE:2019-3814|CVE-2019-3814]]: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (`ssl_cert_username_field`), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing * `ssl_cert_username_field` setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the `cert_username` field; this may have allowed users with trusted certificate to specify any username in the authentication (this bug didn't affect Dovecot's Submission service) * Updated `dovecot` (2.2) to 2.2.36.1: * [[CVE:2019-3814|CVE-2019-3814]]: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (`ssl_cert_username_field`), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing * `ssl_cert_username_field` setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the `cert_username` field; this may have allowed users with trusted certificate to specify any username in the authentication (this bug didn't affect Dovecot's Submission service) * `pop3_no_flag_updates=no`: Don't expunge `RETR`ed messages without `QUIT` * `director`: Kicking a user assert-crashes if login process is very slow * `lda`/`lmtp`: Fix assert-crash with some Sieve scripts when `mail_attachment_detection_options=add-flags-on-save` * `fs-compress`: Using `maybe-gz` assert-crashed when reading 0 sized file * Snippet generation crashed with invalid `Content-Type:multipart` . Also updated `pigeonhole` to 0.4.24.1: * `imapsieve`: Added `imapsieve_expunge_discarded` setting, which causes discarded messages to be expunged immediately * Sieve scripts running in `IMAPSIEVE` or `IMAP FILTER=SIEVE` context that modify the message, store the message a second time, rather than replacing the originally stored unmodified message * `imapsieve`: Fix crash when COPYing mails from a virtual mailbox when the source messages originate from more than a single real mailbox * `imap_filter_sieve` plugin: Implement the missing `UID FILTER` command * `imap_filter_sieve plugin`: Fix `FILTER` to work with pipelining * Updated `perl-Regexp-Trie` (0.02) to improve test coverage by running `t/01-dict.t` (long test) as well as the default tests * Rebuilt `libgpg-error` (1.33), `libidn` (1.35), `libmetalink` (0.1.3), `libnet` (1.1.6), `libxslt` (1.1.32), `perl-HTML-Tidy` (1.60), `perl-Moose` (2.2011), `perl-Mouse` (2.5.6) and `perl-Perl-Critic` (1.132) for the FedoraProject:Fedora_30_Mass_Rebuild ----