#acl PaulHowarth:read,write,admin,revert,delete All:read === Tuesday 22nd June 2021 === ==== Fedora Project ==== * Updated `proftpd` (1.3.7b) in Rawhide to add `glibc-gconv-extra` as a test requirement from Fedora 35 onwards due to FedoraProject:Changes/Gconv_package_split_in_glibc ==== Local Packages ==== * Updated `dovecot` (2.3): * Updated `dovecot` to 2.3.15: * [[CVE:2021-29157|CVE-2021-29157]]: Dovecot does not correctly escape `kid` and `azp` fields in JWT tokens, which may be used to supply attacker controlled keys to validate tokens, if attacker has local access * [[CVE:2021-33515|CVE-2021-33515]]: On-path attacker could have injected plaintext commands before `STARTTLS` negotiation that would be executed after `STARTTLS` finished with the client * Disconnection log messages are now more standardized across services; they also always now start with "Disconnected" prefix * Dovecot now depends on `libsystemd` for `systemd` integration * Removed support for Lua 5.2; use version 5.1 or 5.3 instead * config: Some settings are now marked as "hidden" and it's discouraged to change these settings; they will no longer be visible in `doveconf` output, except if they have been changed or if the `doveconf -s` parameter is used (see https://doc.dovecot.org/settings/advanced/ for details) * `imap-compress`: Compression level is now algorithm specific (see https://doc.dovecot.org/settings/plugin/compress-plugin/) * `indexer-worker`: Convert "Indexed" info logs to an event named "indexer_worker_indexing_finished" (see https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished) * Add TSLv1.3 support to `min_protocols` * Allow configuring `ssl_cipher_suites` (for TLSv1.3+) * `acl`: Add `acl_ignore_namespace` setting, which allows to entirely ignore ACLs for the listed namespaces * `imap`: Support official RFC8970 preview/snippet syntax; old methods of retrieving preview information via IMAP commands ("SNIPPET and PREVIEW with explicit algorithm selection") have been deprecated * `imapc`: Support `INDEXPVT` for `imapc` storage to enable private message flags for cluster wide shared mailboxes * `lib-storage`: Add new events: `mail_opened`, `mail_expunge_requested`, `mail_expunged`, `mail_cache_lookup_finished` (see https://doc.dovecot.org/admin_manual/list_of_events/#mail) * `zlib`, `imap-compression`, `fs-compress`: Support compression levels that the algorithm supports * Before, we would allow hardcoded value between 1 and 9 and would default to 6 * Now, we allow using per-algorithm value range and default to whatever default the algorithm specifies * `*-login`: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice; this applies to all protocols that involve user login, which currently comprises of `imap`, `pop3`, `submission` and `managesieve` * `*-login`: Processes are supposed to disconnect the oldest non-logged in connection when `process_limit` was reached; this didn't actually happen with the default "high-security mode" (with `service_count=1`) where each connection is handled by a separate process * `*-login`: When login process reaches client/process limits, oldest client connections are disconnected; if one of these was still doing anvil lookup, this caused a crash, though it could happen only if the login process limits were very low or if the server was overloaded * Fixed building with link time optimizations (`-flto`) * `auth`: Userdb iteration with `passwd` driver does not always return all users with some `nss` drivers * `dsync`: Shared `INBOX` not synced when "`mail_shared_explicit_inbox`" was disabled; if a user has a shared mailbox which is another user's `INBOX`, `dsync` didn't include the mailbox in syncing unless explicit naming was enabled with "`mail_shared_explicit_inbox`" set to "`yes`" * `dsync`: Shared namespaces were not synced with "`-n`" flag * `dsync`: Syncing shared `INBOX` failed if `mail_attribute_dict` was not set; if a user has a shared mailbox that is another user's `INBOX`, `dsync` failed to export the mailbox if mail attributes are disabled * `fts-solr`, `fts-tika`: Using both Solr FTS and Tika may have caused HTTP requests to `assert`-crash: `Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL)` * `fts-tika`: 5xx errors returned by Tika server as indexing failures; however, Tika can return 5xx for some attachments every time, so the 5xx error should be retried once, but treated as success if it happens on the retry as well (v2.3 regression) * `fts-tika`: v2.3.11 regression: Indexing messages with `fts-tika` may have resulted in `Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))` * `imap`: `SETMETADATA` could not be used to unset metadata values; instead, NIL was handled as a "NIL" string (v2.3.14 regression) * `imap`: `IMAP BINARY FETCH` crashes at least on empty base64 body: `Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count)` * `imap`: If `IMAP` client using the `NOTIFY` command was disconnected while sending `FETCH` notifications to the client, `imap` could crash with `Panic: Trying to close mailbox INBOX with open transactions` * `imap`: Using `IMAP COMPRESS` extension can cause `IMAP` connection to hang when `IMAP` commands are >8 kB long * `imapc`: If remote server sent `BYE` but didn't immediately disconnect, it could cause infinite busy-loop * `lib-index`: Corrupted cache record size in `dovecot.index.cache` file could have caused a crash (segfault) when accessing it * `lib-oauth2`: JWT token time validation now works correctly with 32-bit systems * `lib-ssl-iostream`: Checking hostnames against an SSL certificate was case-sensitive * `lib-storage`: Corrupted `mime.parts` in `dovecot.index.cache` may have resulted in `Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))` * `lib-storage`: Index rebuilding (e.g. via `doveadm force-resync`) didn't preserve the "`hdr-pop3-uidl`" header; because of this, the next `pop3` session could have accessed all of the emails' metadata to read their `POP3 UIDL` (opening dbox files) * `listescape`: When using the `listescape` plugin and a shared namespace, the plugin didn't work properly anymore, resulting in errors like: "Invalid mailbox name: Name must not have '/' character" * `lmtp`: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is `BDAT` * `lmtp`: The Dovecot-specific `LMTP` parameter `XRCPTFORWARD` was blindly forwarded by `LMTP` proxy without checking that the backend has support; this caused a command parameter error from the backend if it was running an older Dovecot release (this could only occur in more complex setups where the message was proxied twice; when the proxy generated the `XRCPTFORWARD` parameter itself the problem did not occur, so this only happened when it was forwarded) * `lmtp`: The `LMTP` proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a `DATA`/`BDAT` command * `lmtp`: Username may have been missing from `lmtp` log line prefixes when it was performing autoexpunging * `master`: Dovecot would incorrectly fail with `haproxy` 2.0.14 service checks * `master`: `systemd` service: Dovecot announces readiness for accepting connections earlier than it should; the following environment variables are now imported automatically and can be omitted from `import_environment` setting: `NOTIFY_SOCKET` `LISTEN_FDS` `LISTEN_PID` * `master`: `service { process_min_avail }` was launching processes too slowly when `master` was forking a lot of processes * `util`: Make the `health-check.sh` example script POSIX shell compatible * Updated `pigeonhole` to 0.5.15: * [[CVE:2020-28200|CVE-2020-28200]]: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage: fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period; sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time, and the block is lifted when the script is updated after the resource usage times out * Disconnection log messages are now more standardized across services; they also always now start with "Disconnected" prefix * `managesieve`: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice * Updated `proftpd` (1.3.7b) as per the Fedora version ----