Update dovecot2-pigeonhole to 0.5.7.2.
Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
Update dovecot2 and related packages to 2.3.7.2.
Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
the changelog:
- code: remove incorrect usage of vfork()
- code: detect and prefer utmpx where available
- code: removed idedit, install-big. var-qmail packages are no more
- portability problem: explicitly initialize strerr_sys and
define BIND_8_COMPAT to work around Mac OS X
- code: add instchown to set ownership and mode on installed files
- code: add instpackage to install without root access
- doc: rename INSTALL, SENDMAIL to INSTALL.md, SENDMAIL.md to
support building on case-insensitive filesystems
- code: lookup uid/gid at runtime
- code: use DESTDIR environment variable as root directory in install
pkgsrc changes:
- If hostname isn't FQDN, config-fast-pkgsrc wouldn't produce a working
config, so don't run it; tell user what to do instead
- Stage QMAIL_QUEUE_DIR into DESTDIR/tmp, to be more obvious that it's
not being packaged up (and is not how a queue gets created at
pkg_add time)
- Drop custom destdir, qbiffutmpx, and Darwin patches
- Rebase TLS-onlyremote, QMAILREMOTE, and SRS patches
- Require latest ucspi-ssl and ucspi-tcp6 for IPv4 fixes
- Move MESSAGE.tls to README.tls, and remove other MESSAGE*
- Set PKG_HOME even for non-default values of QMAIL_ALIAS_USER
- Check whether alias/.qmail-foo exist before trying to remove
Bump PKGREVISION.
- remove socket setblocking() calls which should be no longer needed,
and which may have caused hangups. Thanks: Viacheslav Chimishuk.
- correct version number string in error message. Thanks: Piet
van Oostrum.
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
Update squirrelmail to 1.4.23pre14832.
- Changed anti-CSRF security token lifetime to be session-based.
- Added favicon and ability for admins to use their own by setting
$head_tag_extra in config_local.php (see documented comments in,
for example, src/webmail.php)
- Altered hook types "do_hook_function" and "concat_hook_function"
such that the ultimate hook return value (in its current state,
as computed (or not) by the plugins that have executed previously)
is both globalized and passed as an additional argument to each
plugin. This allows plugins to cooperate better and not overwrite
each other's return values.
- Updated SVG handling, closing several related vulnerabilities
(#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
[CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
- Added IMAP ID command (RFC2971), sent after every login - use
by setting $imap_id_command_args in config/config_local.php
(see notes in functions/imap_general.php for more details)
- Fixed PHP7 warnings (#2847)
- Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
[CVE-2019-12970]
Update dovecot2-pigeonhole to 0.5.7.
Changes
-------
+ vacation: Made the subject for the automatic response message produced
by the Sieve vacation action configurable. Both the default subject
(if the script defines none) and the subject template (e.g. used to
add a subject prefix) can be configured.
- dsync: dsync-replication does not synchronize Sieve scripts.
- imap_sieve_filter: Reduce FILTER=SIEVE verbosity over IMAP connection.
- testsuite: Pigeonhole testsuite segfaulted if it was compiled with
GCC 9
Update dovecot2 to 2.3.7.
Changes
-------
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
external systems, see
https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
on body search, and an error using FTS index fails the search rather
than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
to be unnecessarily opened when FETCHing mail headers that were
already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
situations. This happened especially when using autoexpunging with
lazy_expunge folders. Also with mdbox format in general the cache file
wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
the deletion from disk happened the next time the folder was opened.
This could have caused unnecessary delays if the opening was done by
an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
affected, but everything else was. This delay wasn't always visible -
only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
situations.
- Auth policy can cause segmentation fault crash during auth process
shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
server.
- config: Memory leak in config process when ssl_dh setting wasn't
set and there was no ssl-parameters.dat file.
This caused config process to die once in a while
with "out of memory".
pkgsrc changes:
---------------
* change COMMENT to make pkglint happy (inspired by http://www.postfix.org/)
* update PLIST using make print-PLIST (missing @pkgdir)
upstream changes:
-----------------
20181125
Cleanup: dict_file_to_xxx() takes a list of file names
separated by CHARS_COMMA_SP. Shoe-horned into the existing
API, make it nicer when there is time. File: util/dict_file.c.
20181127
Cleanup: encapsulated clumsy 'read into VSTRING' code with
easier-to-use vstream_fread_buf() and vstream_fread_app()
primitives. Files: global/memcache_proto.c, global/record.c,
global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c,
global/xtext.c, milter/milter8.c, util/dict_file.c,
util/hex_quote.c, util/netstring.c, util/vstream.c,
util/vstream.h. Verified with "make tests".
Cleanup: simplified the smtp_fread() API (introduced for
BDAT support), and changed the name to smtp_fread_buf().
Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with
~megabyte BDAT commands.
Cleanup: simplified a tlsproxy-internal API. File:
tlsproxy/tlsproxy.c.
20181128
Initial support for key/certificate chain files that will
replace the proliferation of separate parameters for
RSA/DSA/ECC/etc. key and certificate files. Viktor
Dukhovni.
20181201
Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET()
calls with safe vstring_set_payload_size() calls, in code
that directly writes into VSTRING. Files: tls/tls_session.c,
tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h,
xsasl/xsasl_cyrus_client.c.
Cleanup: postscreen_command_time_limit did not need to be
a 'raw' parameter. This makes "postconf -x" behavior more
consistent. Files: global/mail_params.h, postscreen/postscreen.c.
Documentation: added text that the following parameter
values are not subject to Postfix parameter $name expansion:
default_rbl_reply, command_execution_directory, luser_relay,
smtpd_reject_footer. These have their own documented $name
substitution mechanism. File: proto/postconf.proto.
20181202
Bugfix: posttls-finger reported an error for UNIX-domain
connections, even if they did not fail. Found by Coverity.
File: posttls-finger/posttls-finger.c.
20181208
Documentation: add even more redundancy to the rate-delay
description. File: proto/postconf.proto.
20181210
Cleanup: code deduplication. File: util/dict_file.c.
20181226
Cleanup: code deduplication and better encapsulation with
PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros.
Files: postscreen/postscreen.h, postscreen/postscreen_state.c.
Documentation: POSTSCREEN_README did not describe the
postscreen_post_queue_limit, and attributed the wrong reject
message to the postscreen_pre_queue_limit. Problem reported
by Michael Orlitzky. File: proto/POSTSCREEN_README.html.
(20181226-nonprod) Compatibility: removed support for OpenSSL
1.0.1 (not supported since December 31, 2016) and earlier
releases. This eliminated a large number of #ifdefs with
bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c,
tls/tls_session.c.
(20181226-nonprod) Use the OpenSSL 1.0.2 and later API for
setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_dh.c.
(20181226-nonprod) Documentation update for TLS support.
Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html,
proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c.
20181229
Explicit maps_file_find() and dict_file_lookup() methods
that decode base64 content. Decoding content is not built
into the dict->lookup() method, because that would complicate
the implementation of map nesting (inline, thash), map
composition (pipemap, unionmap), and map proxying. For
consistency, decoding base64 file content is also not built
into the maps_find() method. Files: util/dict.h.
util/dict_file.c, global/maps.[hc], postmap/postmap.c.
20190106
Documentation: documented the SRC_RHS_IS_FILE flag in
dict_open.c, and updated the -F description in the postmap
manpage. Files: util/dict_open.c, postmap/postmap.c.
(20190106-nonprod) Feature: support for files that combine
multiple (key, certificate, trust chain) instances in one
file, to avoid separate files for RSA, DSA, Elliptic Curve,
and so on. Viktor Dukhovni. Files: .indent.pro,
global/mail_params.h, posttls-finger/posttls-finger.c,
smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c,
smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c,
tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c.
(20190106-nonprod) Create a second, no-key no-cert, SSL_CTX
for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h,
src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c.
(20190106-nonprod) Server-side SNI support. Viktor Dukhovni.
Files: src/global/mail_params.h, src/smtp/smtp.c,
src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c,
src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c,
(20190106-nonprod) Configurable client-side SNI signal.
Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, smtp/lmtp_params.c,
smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c,
smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c,
tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c.
20190121
Logging: support for internal logging file, without using
syslog (it uses the new postlogd daemon instead). This
solves a usability problem for MacOS, may help getting
around systemd, and solves 99% of the problem for logging
to stdout in a container (hopefully we have 100% soon).
Enable by setting, for example, "maillog_file =
/var/log/postfix.log"). This works fine for daemons, and
with some limitations for non-daemon programs. See
RELEASE_NOTES for more details. Files: conf/master.cf,
conf/post-install, conf/postfix-files, conf/postfix-script,
mantools/postlink, proto/master, proto/postconf.proto,
global/mail_params.c, global/mail_params.h, global/mail_proto.h,
global/maillog_client.c, global/maillog_client.h,
master/dgram_server.c, master/event_server.c, master/mail_server.h,
master/master.c, master/master.h, master/master_ent.c,
master/master_listen.c, master/master_proto.h,
master/master_wakeup.c, master/multi_server.c,
master/single_server.c, master/trigger_server.c,
postalias/postalias.c, postconf/postconf_master.c,
postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c,
postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c,
postmulti/postmulti.c, postqueue/postqueue.c,
postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h,
util/listen.h, util/logwriter.c, util/logwriter.h,
util/msg_logger.c, util/msg_logger.h, util/msg_output.c,
util/msg_output.h, util/unix_dgram_connect.c,
util/unix_dgram_listen.c.
Cleanup: cert/key/chain loading, plus unit tests to exercise
non-error and error cases. Viktor Dukhovni. Files: tls/*.pem,
tls*.pem.ref, tls/tls_certkey.c.
20190126
Safety: Postfix programs will log to either syslog or postlog
but not both; and postlogd forwards postlog logging to
syslog, when a configuration change removes the maillog_file
pathname, but some programs still use the old configuration.
Files: util/msg_syslog.[hc], util/msg_logger.c,
global/maillog_client.c, postlogd/postlogd.c,
Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog
pipe file descriptor leak. This pipe provides one source
of liveness, data from this pipe is discarded, and therefore
this does not enable privilege escalation or DOS. File:
util/watchdog.c.
Feature: stdout logging support; requires "postfix start-fg"
and "maillog_file = /dev/stdout". Files: master/master.c,
conf/postfix-script.
20190127
Safety: when maillog_file is specified, 'postfix check' now
requires that the postlog service is enabled in master.cf.
Otherwise 'postfix start' etc. will log a fatal error. File:
conf/postfix-script.
Documentation: added policy_context example. File:
proto/SMTPD_POLICY_README.html.
20190128
Testing: run libtls tests under Valgrind. File tls/Makefile.in.
20190129
Safety: require that $maillog_file matches one of the
pathname prefixes specified in $maillog_file_prefixes. The
maillog file is created by root, and the prefixes limit the
damage from a single configuration error. Files:
global/mail_params.[hc], global/maillog_client.c.
20191201
Feature: "postfix logrotate" command with configurable
compression program and datestamp filename suffix. File:
conf/postfix-script.
20190202
Cleanup: log a warning when the client sends a malformed
SNI; log an info message when the client sends a valid SNI
that does not match the SNI lookup tables; update the
FORWARD_SECRECY_README logging examples. Viktor Dukhovni.
Files: proto/FORWARD_SECRECY_README.html, tls/tls.h,
tls/tls_client.c, tls/tls_misc.c.
20190208
Debugging: the master(8) daemon now logs a warning if a
master.cf entry is defined multiple times. File:
src/master/master_conf.c.
20190209
Debugging: tlsproxy(8) now logs more details about unexpected
configuration differences between the Postfix SMTP client
and the tlsproxy(8) daemon.
20190210
Documentation: Postfix 3.4.0 RELEASE NOTES.
Documentation: added BDAT_README.
Documentation: global TLS settings. Files: mantools/postlink,
smtp/smtp.c, tlsproxy/tlsproxy.c.
20190211
Cleanup: removed obsolete parameters: tls_dane_digest_agility,
tls_dane_trust_anchor_digest_enable; removed openssl_path
parameter from configuration difference checks in tlsproxy.
Files: global/mail_params.h, tls/tls_misc.c,
tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy.h.
20190212
Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c,
posttls-finger/posttls-finger.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
20190218
Bugfix: tlsproxy did not enable DANE-style PKI because
libtls seems to have to accreted multiple init functions
instead of reusing the tls_client_init() and tls_client_start()
API. And some functions that do initialization don't even
have init in their name! Problem report by Andreas Schulze.
Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c.
Workaround: Postfix libtls makes DANE-specific changes to
the shared SSL_CTX. To avoid false sharing, tlsproxy needs
to label the SSL_CTX cache with DANE bits until we can
remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c.
Cleanup: Postfix libtls changed the shared SSL_CTX to
override ciphers. instead of changing the SSL handle. To
avoid false sharing in tlsproxy, the changes are now made
to the SSL handle. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c.
20190219
Bugfix: in the Postfix SMTP client, TLS wrappermode was not
tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c.
20190304
Bugfix: a reversed test broke TLS configurations that specify
the same filename for a private key and certificate. Reported
by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
test. Files: tls/tls_certkey.c, tls/Makefile.in.
20190310
Bitrot: LINUX5s support, after some sanity checks with a
rawhide prerelease version. Files: makedefs, util/sys_defs.h.
Bugfix (introduced: 20181226): broken DANE trust anchor
file support, caused by left-over debris from the 20181226
TLS library overhaul. By intrigeri. File: tls/tls_dane.c.
Bugfix (introduced: Postfix-1.0.1): null pointer read, while
logging a warning after a corrupted bounce log file. File:
global/bounce_log.c.
Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
20190312
Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
does the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
20190319
With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
chunks were always rejected as too large. File: smtpd/smtpd.c
20190328
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
20190331
Documentation: tlsext_padding is not a tls_ssl_options
feature. File: proto/postconf.proto.
20190401
Portability: added "#undef sun" to util/unix_dgram_connect.c.
20190403
Bugfix (introduced: Postfix 2.3): a censoring filter broke
multiline Milter responses for header/body events. Problem
report by Andreas Thienemann. Files: util/printable.c,
util/stringops.h, smtpd/smtpd.c
Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
0" no longer meant 'unlimited'. Problem report by Luc Pardon.
File: smtp/smtp_addr.c.
20190615
Documentation: updated the BUGS section in the smtp(8) manpage
about TLS connection reuse. File: smtp/smtp.c.
Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
20190621
Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c.
pkgsrc changes:
---------------
* Remove -DHAS_EAI since it does not appear anywhere
* Add pkg-config to USE_TOOLS since patch-ai introduces it
* Bump revision since binaries are now linked to icui18n
to determine whether to use the blacklistd feature. This allows
for automatically picking up new OSes that provide blacklistd as
well as ignoring older versions of NetBSD and FreeBSD that don't
have blacklistd.
Add UseBlacklist to M4 config generator. This means that you can
turn it on by doing something like:
LOCAL_CONFIG
...
define(`confUSE_BLACKLIST', `True')dnl
...
It is set to false as the feature is experimental having just been
created.
Ride previous PKGREVISION bump as it was less than an hour ago.
originally created for FreeBSD and were ported to pkgsrc by Hauke
Fath with some cleanup by myself.
These patches add a new "UseBlacklist" option to sendmail to have
it send authentication failure notices to blacklistd.
sendmail options BadRcptShutdown and BadRcptShutdownGood to be
used. "ffr" stands for For Future Release, which means it is a
beta test feature that may show up in a future release of sendmail.
The sendmail-ffr-badrcptshutdown option is disabled by default so
no change to binary packages, thus not bumping PKGREVISION.
Changes:
1.8.5
-----
- Fixed OAUTHBEARER.
- Support for TLS client certificates via PKCS11 devices, e.g. smart cards.
- Various small bug fixes and improvements.
process for a mailing list or mail address. It is invoked by qmail-local
through a dot-qmail file, and can reduce the amount of junk mail hitting
a mailbox or the mailboxes of mailing list subscribers. qconfirm
performs this delivery confirmation process either sender based or
message based.
When used for a public mail address, not a mailing list, qconfirm is
capable of detecting follow-ups on mail messages originated from this
mail address, and doesn't request delivery confirmation is this case.
qconfirm also is able to identify delivery confirmation requests from
recipients of mail messages, and automatically confirms the delivery
if desired.
Do not bump revision since binary cannot be altered
pkgsrc changes:
---------------
* make blk3 conform to options.mk
* move BUILD_DEFS (pkglint WARN--)
* comment an explicit patch (pkglint ERROR--)
Upstream changes:
version 3.007: Thu 13 Jun 16:54:08 CEST 2019
Fixes:
- remove debug statements.
version 3.006: Wed 12 Jun 16:43:39 CEST 2019
Improvements:
- more flexible in passing settings to Mail::IMAPClient.
version 3.005: Wed 5 Jun 15:56:33 CEST 2019
Fixes:
- ignore StartTLS on SSL connection.
- enforce message_type is ::IMAP::Message, not ::IMAPs
