#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Monday 4th January 2021 ===
==== Fedora Project ====
 * Updated `perl-IO-FDPass` to 1.3 in Rawhide:
  * Do not leak memory on unsuccessful `recv`
==== Local Packages ====
 * Updated `dovecot`:
  . Updated `dovecot` to 2.3.13:
   * [[CVE:2020-24386|CVE-2020-24386]]: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information
   * Metric filter and global event filter variable syntax changed to a SQL-like format (see https://doc.dovecot.org/configuration_manual/event_filter/)
   * `auth`: Added new aliases for `%{variables}`; usage of the old ones is possible, but discouraged
   * `auth`: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes
   * `auth`: Removed `passdb-sia`, `passdb-vpopmail` and `userdb-vpopmail`
   * `auth`: Removed postfix `postmap` socket
   * `auth`: Added new fields for auth server events; these fields are also now available for all auth events - see https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details
   * `imap-hibernate`: Added `imap_client_hibernated`, `imap_client_unhibernated` and `imap_client_unhibernate_retried` events - see https://doc.dovecot.org/admin_manual/list_of_events/ for details
   * `lib-index`: Added new `mail_index_recreated` event - see https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
   * `lib-sql`: Support TLS options for cassandra driver; this requires `cpp-driver` v2.15 (or later) to work reliably
   * `lib-storage`: Missing `$HasAttachment` / `$HasNoAttachment` flags are now added to existing mails if `mail_attachment_detection_option=add-flags` and it can be done inexpensively
   * login proxy: Added `login_proxy_max_reconnects` setting (default 3) to control how many reconnections are attempted
   * login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just `connect()` failure; any error except a non-temporary authentication failure will result in reconnect attempts
   * `auth`: Lua `passdb`/`userdb` leaks stack elements per call, eventually causing the stack to become too deep and crashing the `auth` or `auth-worker` process
   * `auth`: SASL authentication `PLAIN` mechanism could be used to trigger read buffer overflow; however, this doesn't seem to be exploitable in any way
   * `auth`: v2.3.11 regression: `GSSAPI` authentication fails because `dovecot` disallows `NUL` bytes for it
   * `dict`: Process used too much CPU when iterating keys, because each key used a separate `write()` syscall
   * `doveadm-server`: Crash could occur if logging was done outside command handling, e.g. `http-client` could have done debug logging afterwards, resulting in either segfault or `Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL)`
   * `doveadm-server`: v2.3.11 regression: Trying to connect to `doveadm` server process via starttls `assert`-crashed if there were no `ssl=yes` listeners: `Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized)`
   * `fts-solr`: HTTP requests may have `assert`-crashed: `Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)`
   * imap: `IMAP NOTIFY` could crash with a segmentation fault due to a bad configuration that causes errors; sending the error responses to the client can cause the segmentation fault, which can for example happen when several namespaces use the same mail storage location
   * imap: `IMAP NOTIFY` used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: `Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0`
   * imap: `IMAP` session can crash with `QRESYNC` extension if many changes are done before asking for expunged mails since last `sync`
   * imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example `FETCH+LOGOUT`
   * `lib-compress`: Mitigate crashes when configuring a not compiled in compression; errors with compression configuration now distinguish between not supported and unknown
   * `lib-compression`: Using `xz`/`lzma` compression in v2.3.11 could have written truncated output in some situations; this would result in "Broken pipe" read errors when trying to read it back
   * `lib-compression`: `zstd` compression could have crashed in some situations: `Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)`
   * `lib-dict`: `dict` client could have crashed in some rare situations when iterating keys
   * `lib-http`: Fix several `assert`-crashes in HTTP client
   * `lib-index`: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with `dovecot.index.cache` / `dovecot.index.log`
   * `lib-index`: v2.3.11 regression: `dovecot.index.cache` file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months; every cache file change caused a purging in this situation
   * `lib-mail`: MIME parts were not returned correctly by Dovecot MIME parser; regression caused by fixing [[CVE:2020-12100|CVE-2020-12100]]
   * `lib-mail`: When max nested MIME parts were reached, `IMAP BODYSTRUCTURE` was written in a way that may have caused confusion for both IMAP clients and `Dovecot` itself when parsing it; the truncated part is now written out using `application/octet-stream` MIME type
   * `lib-mail`: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was `message/rfc822` (or if parent was `multipart/digest`): `Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts)`
   * `lib-oauth2`: Dovecot incorrectly required `oauth2` server introspection reply to contain username with invalid token
   * `lib-ssl-iostream`, `lib-dcrypt`: Fix building with OpenSSL that has deprecated APIs disabled
   * `lib-storage`: When mail's size is different from the cached one (in `dovecot.index.cache` or `Maildir S=size` in the filename), this is handled by logging "Cached message size smaller/larger than expected" error; however, in some situations this also ended up crashing with: `Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip)`
   * `lib-storage`: v2.3 regression: Copying/moving mails was taking much more memory than before; this was mainly visible when copying/moving thousands of mails in a single transaction
   * `lib-storage`: v2.3.11 regression: Searching messages assert-crashed (without FTS): `Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0)`
   * `lib`: `Dovecot` v2.3 moved signal handlers around in `ioloops`, causing more CPU usage than in v2.2
   * `lib`: Fixed JSON parsing: '`\`' escape sequence may have wrongly resulted in error if it happened to be at read boundary; any `NUL` characters and '`\u0000`' will now result in parsing error instead of silently truncating the data
   * `lmtp`, `submission`: Server may hang if SSL client connection disconnects during the delivery; if this happened repeatedly, it could have ended up reaching `process_limit` and preventing any further `lmtp`/`submission` deliveries
   * lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled
   * lmtp: The LMTP service can hang when commands are pipelined, which can in particular occur when one command in the middle of the pipeline fails; one example of this occurs for proxied LMTP transactions in which the final `DATA` or `BDAT` command is pipelined after a failing `RCPT` command
   * `login-proxy`: The `login_source_ips` setting has no effect, and therefore the proxy source IPs are not cycled through as they should be
   * `master`: Process was using 100% CPU in some situations when a broken service was being throttled
   * `pop3-login`: POP3 login would fail with "Input buffer full" if the initial response for SASL was too long
   * `stats`: Crash would occur when generating openmetrics data for metrics using aggregating functions
  . Updated `pigeonhole` to 0.5.13
   * `duplicate`: The test was handled badly in a multiscript (`sieve_before`, `sieve_after`) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure; in that case, the message is recorded for duplicate tracking while the message may not actually have been delivered in the end
   * `editheader`: Sieve interpreter entered infinite loop at startup when the "`editheader`" configuration listed an invalid header name; this problem can only be triggered by the administrator
   * `relational`: The Sieve relational extension can cause a segfault at compile time, triggered by invalid script syntax; the segfault happens when this match type is the last argument of the test command and is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault
   * `sieve`: For some `Sieve` commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered; this can be caused by the user writing a bad Sieve script involving the affected commands ("`mailboxexists`", "`specialuse_exists`"), or by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands
   * `sieve`: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (`vacation`, `notify` and `addheader`) can cause the delivery or IMAP process (when `IMAPSieve` is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits; logged in users can cause these hangs only for their own processes
  . I included a couple of changes from the Fedora package:
   * Use bigger default key size ([[RedHatBugzilla:1882939|Bug #1882939]])
   * Use `/run` for local state directory ([[RedHatBugzilla:1777922|Bug #1777922]])
  . I also added a patch to fix time margin calculations on 32-bit systems ([[https://github.com/dovecot/core/pull/149|GH#149]])
 * Updated `libgpg-error` to 1.41 (https://dev.gnupg.org/T5192)
  * New function `gpgrt_access`
  * Make "`ignore`" meta command work correctly in the option parser
  * On Windows `gpgrt_getcwd` and the internal `getusername` now handle Unicode values (https://dev.gnupg.org/T5098)
  * Update the build system
  * Fix another glitch in the "`ignore`" meta command
  * Fix two typos in the German translation
 * Updated `libnet` to 1.2:
  * See [[https://github.com/libnet/libnet/blob/v1.2/ChangeLog.md|ChangeLog.md]] for details
  . I added a patch to avoid library soname bump ([[https://github.com/libnet/libnet/issues/115|GH#115]])
 * Updated `perl-IO-FDPass` to 1.3 as per the Fedora version
 * Updated `xz` (5.2.5) to enable CET for i686 ([[RedHatBugzilla:1910368|Bug #1910368]])
----