#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Friday 29th October 2021 ===

==== Fedora Project ====

 * Updated `perltidy` to 20211029 (see [[https://github.com/perltidy/perltidy/blob/20211029/CHANGES.md|CHANGES.md]] for details)

==== Local Packages ====

 * Updated `dovecot`:
  * Updated `dovecot` to 2.3.17:
   * Dovecot now logs a warning if time seems to jump forward at least 100 milliseconds
   * dict: Lines logged by the `dict` process now contain the dict name as the prefix
   * `lib-index`: `mail_cache_fields`, `mail_always_cache_fields` and `mail_never_cache_fields` now verify that the listed header names are valid; in particular, the UTF8 "`–`" character has sometimes been wrongly used instead of the ASCII "`-`"
   * `*-login`: Added `login_proxy_rawlog_dir` setting to capture rawlogs between proxy and back-end
   * dict: The server process now keeps the last 10 idle dict back-ends cached for a maximum of 30 seconds; practically this acts as a connection pool for `dict-redis` and `dict-ldap` (note that this doesn't affect `dict-sql`, because it already had its own internal cache)
   * doveadm: New stats add/remove commands added to support changing the metrics configuration at runtime
   * `lazy_expunge`: Added `lazy_expunge_exclude` settings to disable `lazy_expunge` for specific folders; `\Special-use` flags can be used as folder names
   * `lib-lua`: Added a new helper function `dovecot.restrict_global_variables()` to disable or enable defining new global variables
   * `LAYOUT=index` List index rebuild was missing
   * `LAYOUT=index`: Duplicate GUIDs were not detected
   * acl: When using `acl_ignore_namespace` Dovecot attempted to access or create `dovecot-acl-list` even when the namespace should have been ignored; for virtual namespaces this could have yielded errors about "Read-only file system" or "Permission denied"
   * auth: Setting the "master" passdb field to empty value would cause proxying to fail with an authentication error; now, an empty "master" field is ignored
   * `doveadm-server`: Duplicate error lines were sent for failed commands; this didn't normally cause visible problems, except when using wildcards in usernames or `-A` parameter to go through multiple users
   * `doveadm-server`: Logs written by `doveadm-server` were often missing log prefixes, especially `mail_log_prefix` for mail commands; logs sent to `doveadm` TCP client were also missing log prefixes
   * doveadm: v2.3 regression: batch command always crashes
   * doveadm: v2.3.11 regression: Commands failed if `ssl_cert` or `ssl_key` files weren't readable by the user running `doveadm`, even though `doveadm` didn't actually use these settings
   * `imap-hibernate`: Process may crash at deinit: `Panic: file ioloop.c: line 928 (io_loop_destroy): assertion failed: (ioloop->cur_ctx == NULL)`
   * imap: Using `imap_fetch_failure=no-after` can cause assert-crash with some IMAP commands if reading the mail fails (e.g. wrong cached mail size); fixes: `Panic: file index-mail-headers.c: line 198 (index_mail_parse_header_init): assertion failed: (!mail->data.header_parser_initialized)`
   * imap: v2.3.10 regression: When using `INDEXPVT` to enable private `\Seen` flags (for shared or public namespaces) the `STORE` command did not send untagged replies for the `\Seen` flag changes
   * imap: v2.3.15 regression: If `PREVIEW`/`SNIPPET` is not the final `FETCH` option in the command, the `IMAP FETCH` response is broken
   * imap: v2.3.15 regression: `MOVE` command leaks mailbox if it can't be opened and crashes at deinit: `Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1)`
   * `imapc`: Copying non-existent mail via `imapc` could have crashed. Fixes: `Panic: file mail-storage.c: line 2385 (mailbox_transaction_commit_get_changes): assertion failed: (ret < 0 || seq_range_count(&changes_r->saved_uids) == save_count || array_count(&changes_r->saved_uids) == 0)`
   * indexer: v2.3.15 regression: Process crashes if indexer-client disconnects while it's waiting for command reply; this happened for example if `IMAP SEARCH` triggered long fts indexing and the IMAP client disconnected whilst waiting for the reply
   * indexer: v2.3.15 regression: Process may have crashed in some situations
   * indexer: v2.3.15 regression: `indexer-worker` processes may not have reached the process_limit in some situations, possibly even using just one `indexer-worker` process even though there were many indexing requests queued
   * `lib-compression`: Reading lz4 compressed mdbox mails may crash; fixes: `Panic: file istream.c: line 345 (i_stream_read_memarea): assertion failed: (!stream->blocking)`
   * `lib-compression`: `bench-compress` crashes due to `xz` being read-only
   * `lib-lua`: Fix linking `libdict_lua` for non-GNU linkers when Lua support is disabled
   * ` lib-mail`: There was no limit on how large an email header name could be; processable header names are now limited to 1000 bytes
   * ` lib-oauth2`: Dovecot disallowed JWT tokens if their validity time was older than token creation time (nbf < iat)
   * `lib-storage`: Reduce memory footprint of certain storage operations
   * `lib-storage`: When listing mailboxes with storage name escape characters (`^` or `.`) as part of the mailbox name, the listing could show corrupted mailbox names; the corruption can occur when using `LAYOUT=INDEX` and maildir or obox, or when using the `listescape` plugin
   * `mail-crypt`: Fix "`-O`" argument for "`doveadm mailbox cryptokey password`" command to be a boolean, and not expect a string
   * `submission-login`: Add support for not authenticating to next hop in submission proxying
   * `submission-login`: `EHLO` was not sent again after `XCLIENT` when doing submission proxying
   * virtual: Mailboxes do not correctly detect underlying mailboxes getting re-created even though they have a different `UIDVALIDITY` or `GUID`
  * Updated `pigeonhole` to 0.5.17:
   * `duplicate`: The Sieve duplicate test is prone to false negatives when the user receives many e-mails concurrently, meaning that duplicate deliveries can still occur
   * `fileinto`: v2.3.16 regression: Sieve delivery crashes if mail is delivered to non-existing and existing folder
   * `imap-filter-sieve`: v2.3.15 regression: The CPU limits on Sieve execution are too easily exceeded in IMAP context (the `IMAPSieve` and `FILTER=SIEVE` capabilities); changed the default to unlimited CPU time for IMAP context, since similar excessive resource usage can be caused by other means as well (the CPU limits on Sieve scripts executed at LDA/LMTP delivery are still enforced by default)
   * `redirect`: The Sieve `redirect` action has protections against users triggering mail loops; unfortunately, the detection of a redirect mail loop sometimes causes the message to get lost if no other Sieve action is applied that delivers the message somewhere else
   * `redirect`: v2.3.16 regression: With certain Sieve scripts if redirect fails due to temporary failure, the lmtp process may crash after the delivery; Fixes: `Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1)`
 * Updated `perl-Perl-Tidy` to 20211029 as per the Fedora `perltidy` package

----