Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-05-02 19:18:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "dovecot23" Thu May 2 19:18:31 2019 rev:18 rq:699690 version:2.3.6 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-04-19 18:38:46.763214914 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.5148/dovecot23.changes 2019-05-02 19:18:38.661562344 +0200 @@ -1,0 +2,51 @@ +Tue Apr 30 13:49:18 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> + +- update pigeonhole to 0.5.6 + + sieve: Redirect loop prevention is sometimes ineffective. + Improve existing loop detection by also recognizing the + X-Sieve-Redirected-From header in incoming messages and + dropping redirect actions when it points to the sending + account. This header is already added by the redirect action, + so this improvement only adds an additional use of this header. + - sieve: Prevent execution of implicit keep upon temporary + failure occurring at runtime. + +------------------------------------------------------------------- +Tue Apr 30 13:34:16 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> + +- update to 2.3.6: (boo#1133624 boo#1133625) + * CVE-2019-11494: Submission-login crashed with signal 11 due to + null pointer access when authentication was aborted by + disconnecting. + * CVE-2019-11499: Submission-login crashed when authentication + was started over TLS secured channel and invalid authentication + message was sent. + * auth: Support password grant with passdb oauth2. + + Use system default CAs for outbound TLS connections. + + Simplify array handling with new helper macros. + + fts_solr: Enable configuring batch_size and soft_commit features. + - lmtp/submission: Fixed various bugs in XCLIENT handling, + including a hang when XCLIENT commands were sent infinitely to + the remote server. + - lmtp/submission: Forwarded multi-line replies were erroneously + sent as two replies to the client. + - lib-smtp: client: Message was not guaranteed to contain CRLF + consistently when CHUNKING was used. + - fts_solr: Plugin was no longer compatible with Solr 7. + - Make it possible to disable certificate checking without + setting ssl_client_ca_* settings. + - pop3c: SSL support was broken. + - mysql: Closing connection twice lead to crash on some systems. + - auth: Multiple oauth2 passdbs crashed auth process on deinit. + - HTTP client connection errors infrequently triggered a + segmentation fault when the connection was idle and not used + for a particular client instance. +- drop https://github.com/dovecot/core/commit/3c5101ffd.patch + +------------------------------------------------------------------- +Mon Apr 29 22:11:53 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> + +- backport https://github.com/dovecot/core/commit/3c5101ffd.patch + [PATCH] driver-mysql: Avoid double-closing MySQL connection + +------------------------------------------------------------------- Old: ---- dovecot-2.3-pigeonhole-0.5.5.tar.gz dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig dovecot-2.3.5.2.tar.gz dovecot-2.3.5.2.tar.gz.sig New: ---- dovecot-2.3-pigeonhole-0.5.6.tar.gz dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig dovecot-2.3.6.tar.gz dovecot-2.3.6.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot23.spec ++++++ --- /var/tmp/diff_new_pack.2FCLCQ/_old 2019-05-02 19:18:39.597563992 +0200 +++ /var/tmp/diff_new_pack.2FCLCQ/_new 2019-05-02 19:18:39.601563999 +0200 @@ -17,11 +17,11 @@ Name: dovecot23 -Version: 2.3.5.2 +Version: 2.3.6 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.5.2 -%define dovecot_pigeonhole_version 0.5.5 +%define dovecot_version 2.3.6 +%define dovecot_pigeonhole_version 0.5.6 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole ++++++ dovecot-2.3-pigeonhole-0.5.5.tar.gz -> dovecot-2.3-pigeonhole-0.5.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog --- old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog 2019-03-05 12:53:28.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog 2019-04-30 14:26:49.000000000 +0200 @@ -1,11 +1,132 @@ -2019-03-05 13:48:57 +0200 Aki Tuomi <aki.tuomi@open-xchange.com> (2483b085) +2019-04-30 14:30:41 +0300 Aki Tuomi <aki.tuomi@open-xchange.com> (92dc263a) - Release v0.5.5 for Dovecot v2.3.5 + Released v0.5.6 M configure.ac -2019-03-04 15:01:08 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (0a9f9095) +2019-04-30 14:26:16 +0300 Aki Tuomi <aki.tuomi@open-xchange.com> (18751d35) + + NEWS: Add news for v0.5.6 + + +M NEWS + +2019-01-16 08:51:09 -0500 Josef 'Jeff' Sipek <jeffpc@josefsipek.net> (ea20d2d9) + + global: hash_table_destroy(NULL) is a no-op + + @@ expression E; + @@ + + - if (hash_table_is_created(E)) { + - hash_table_destroy(&E); + - } + + hash_table_destroy(&E); + +M src/lib-sieve/sieve-result.c +M src/plugins/imapsieve/imap-sieve-storage.c + +2019-01-24 22:46:09 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (3733c159) + + lib-sieve: Prevent execution of implicit keep upon temporary failure + occurring at runtime. + + +M src/lib-sieve/sieve.c + +2018-12-12 18:46:50 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (76a44097) + + lib-sieve: redirect action: Assert that dupeid is not NULL when + act_redirect_get_duplicate_id() is successful. + + Addresses scan-build report. + +M src/lib-sieve/cmd-redirect.c + +2018-12-12 18:45:00 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (2c5a4cb5) + + lib-sieve: redirect action: Fix lack of NULL checking in new + X-Sieve-Redirected-From header comparisons. + + Problem found by scan-build. + +M src/lib-sieve/cmd-redirect.c + +2018-12-11 17:29:18 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (049de1fc) + + lib-sieve: redirect action: Implement additional protection against mail + loops. + + Also check the X-Sieve-Redirected-From header for our own e-mail addresses. + This header is added by the redirect action itself and in a mail loop it + would see that same header with that same content. This is less reliable + than the other mail loop detection (sender may set such a header), so, + unlike the existing loop detection based on the duplicate db, the implicit + keep is not canceled when the new loop detection is triggered. + +M src/lib-sieve/cmd-redirect.c +M tests/execute/smtp.svtest + +2018-12-11 17:27:20 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (663ac718) + + lib-sieve: redirect action: Put msgdata->mail in local variable in + act_redirect_get_duplicate_id(). + + Serves as an abbreviation. + +M src/lib-sieve/cmd-redirect.c + +2018-12-11 17:26:56 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (c3c9a521) + + lib-sieve: redirect action: Move composition of duplicate database ID to + separate function. + + +M src/lib-sieve/cmd-redirect.c + +2018-12-11 20:28:51 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (2c52769b) + + lib-sieve: redirect action: Give log messages emitted during execution a + uniform prefix. + + +M src/lib-sieve/cmd-redirect.c + +2018-12-11 17:25:12 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (dd626dfe) + + lib-sieve: redirect action: Report errors on original message in + act_redirect_commit(). + + It was errorneously using the (potentially) modified mail struct for error + reporting. + +M src/lib-sieve/cmd-redirect.c + +2018-12-11 17:24:38 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (88792972) + + lib-sieve: redirect action: Update coding style of act_redirect_commit(). + + +M src/lib-sieve/cmd-redirect.c + +2018-12-11 20:25:12 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (7d2d1eca) + + lib-sieve: redirect action: Update coding style of act_redirect_send(). + + +M src/lib-sieve/cmd-redirect.c + +2018-12-11 17:23:06 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (4ef89d76) + + lib-sieve: editheader extension: Protect the X-Sieve-Redirected-From header + against modification. + + This prevents users from messing with redirect loop detection. + +M src/lib-sieve/plugins/editheader/ext-editheader-common.c + +2019-03-04 15:01:08 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (73378b27) Update NEWS file for v0.5.5 release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/NEWS new/dovecot-2.3-pigeonhole-0.5.6/NEWS --- old/dovecot-2.3-pigeonhole-0.5.5/NEWS 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/NEWS 2019-04-30 14:26:38.000000000 +0200 @@ -1,3 +1,14 @@ +v0.5.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com> + + + sieve: Redirect loop prevention is sometimes ineffective. Improve + existing loop detection by also recognizing the + X-Sieve-Redirected-From header in incoming messages and dropping + redirect actions when it points to the sending account. This header + is already added by the redirect action, so this improvement only + adds an additional use of this header. + - sieve: Prevent execution of implicit keep upon temporary failure + occurring at runtime. + v0.5.5 2019-03-05 Stephan Bosch <stephan@rename-it.nl> + IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/configure new/dovecot-2.3-pigeonhole-0.5.6/configure --- old/dovecot-2.3-pigeonhole-0.5.5/configure 2019-03-05 12:53:23.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/configure 2019-04-30 14:26:43.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Pigeonhole 0.5.5. +# Generated by GNU Autoconf 2.69 for Pigeonhole 0.5.6. # # Report bugs to <dovecot@dovecot.org>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='Pigeonhole' PACKAGE_TARNAME='dovecot-2.3-pigeonhole' -PACKAGE_VERSION='0.5.5' -PACKAGE_STRING='Pigeonhole 0.5.5' +PACKAGE_VERSION='0.5.6' +PACKAGE_STRING='Pigeonhole 0.5.6' PACKAGE_BUGREPORT='dovecot@dovecot.org' PACKAGE_URL='' @@ -1413,7 +1413,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Pigeonhole 0.5.5 to adapt to many kinds of systems. +\`configure' configures Pigeonhole 0.5.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1485,7 +1485,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Pigeonhole 0.5.5:";; + short | recursive ) echo "Configuration of Pigeonhole 0.5.6:";; esac cat <<\_ACEOF @@ -1610,7 +1610,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Pigeonhole configure 0.5.5 +Pigeonhole configure 0.5.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1979,7 +1979,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Pigeonhole $as_me 0.5.5, which was +It was created by Pigeonhole $as_me 0.5.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2329,7 +2329,7 @@ cat >>confdefs.h <<_ACEOF -#define PIGEONHOLE_ABI_VERSION "0.5.ABIv0($PACKAGE_VERSION)" +#define PIGEONHOLE_ABI_VERSION "0.5.ABIv6($PACKAGE_VERSION)" _ACEOF @@ -2869,7 +2869,7 @@ # Define the identity of the package. PACKAGE='dovecot-2.3-pigeonhole' - VERSION='0.5.5' + VERSION='0.5.6' # Some tools Automake needs. @@ -13907,7 +13907,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Pigeonhole $as_me 0.5.5, which was +This file was extended by Pigeonhole $as_me 0.5.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13973,7 +13973,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Pigeonhole config.status 0.5.5 +Pigeonhole config.status 0.5.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/configure.ac new/dovecot-2.3-pigeonhole-0.5.6/configure.ac --- old/dovecot-2.3-pigeonhole-0.5.5/configure.ac 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/configure.ac 2019-04-30 14:26:38.000000000 +0200 @@ -2,8 +2,8 @@ # Be sure to update ABI version also if anything changes that might require # recompiling plugins. Most importantly that means if any structs are changed. -AC_INIT([Pigeonhole], [0.5.5], [dovecot@dovecot.org], [dovecot-2.3-pigeonhole]) -AC_DEFINE_UNQUOTED([PIGEONHOLE_ABI_VERSION], "0.5.ABIv0($PACKAGE_VERSION)", [Pigeonhole ABI version]) +AC_INIT([Pigeonhole], [0.5.6], [dovecot@dovecot.org], [dovecot-2.3-pigeonhole]) +AC_DEFINE_UNQUOTED([PIGEONHOLE_ABI_VERSION], "0.5.ABIv6($PACKAGE_VERSION)", [Pigeonhole ABI version]) AC_CONFIG_AUX_DIR([.]) AC_CONFIG_SRCDIR([src]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/pigeonhole-version.h new/dovecot-2.3-pigeonhole-0.5.6/pigeonhole-version.h --- old/dovecot-2.3-pigeonhole-0.5.5/pigeonhole-version.h 2019-03-05 12:53:28.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/pigeonhole-version.h 2019-04-30 14:26:48.000000000 +0200 @@ -1,6 +1,6 @@ #ifndef PIGEONHOLE_VERSION_H #define PIGEONHOLE_VERSION_H -#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (2483b085)" +#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (92dc263a)" #endif /* PIGEONHOLE_VERSION_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/cmd-redirect.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/cmd-redirect.c --- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/cmd-redirect.c 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/cmd-redirect.c 2019-04-30 14:26:38.000000000 +0200 @@ -275,13 +275,13 @@ *keep = FALSE; } -static int act_redirect_send -(const struct sieve_action_exec_env *aenv, struct mail *mail, - struct act_redirect_context *ctx, const char *new_msg_id) +static int +act_redirect_send(const struct sieve_action_exec_env *aenv, struct mail *mail, + struct act_redirect_context *ctx, const char *new_msg_id) ATTR_NULL(4) { static const char *hide_headers[] = - { "Return-Path", "X-Sieve", "X-Sieve-Redirected-From" }; + { "Return-Path" }; struct sieve_instance *svinst = aenv->svinst; struct sieve_message_context *msgctx = aenv->msgctx; const struct sieve_script_env *senv = aenv->scriptenv; @@ -294,43 +294,46 @@ int ret; /* Just to be sure */ - if ( !sieve_smtp_available(senv) ) { - sieve_result_global_warning - (aenv, "redirect action has no means to send mail."); + if (!sieve_smtp_available(senv)) { + sieve_result_global_warning( + aenv, "redirect action: no means to send mail"); return SIEVE_EXEC_FAILURE; } if (mail_get_stream(mail, NULL, NULL, &input) < 0) { - return sieve_result_mail_error(aenv, mail, - "redirect action: failed to read input message"); + return sieve_result_mail_error( + aenv, mail, "redirect action: " + "failed to read input message"); } /* Determine which sender to use From RFC 5228, Section 4.2: - The envelope sender address on the outgoing message is chosen by the - sieve implementation. It MAY be copied from the message being - processed. However, if the message being processed has an empty - envelope sender address the outgoing message MUST also have an empty - envelope sender address. This last requirement is imposed to prevent - loops in the case where a message is redirected to an invalid address - when then returns a delivery status notification that also ends up - being redirected to the same invalid address. + The envelope sender address on the outgoing message is chosen by the + sieve implementation. It MAY be copied from the message being + processed. However, if the message being processed has an empty + envelope sender address the outgoing message MUST also have an empty + envelope sender address. This last requirement is imposed to prevent + loops in the case where a message is redirected to an invalid address + when then returns a delivery status notification that also ends up + being redirected to the same invalid address. */ - if ( (aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0 ) { + if ((aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0) { /* Envelope available */ sender = sieve_message_get_sender(msgctx); - if ( sender != NULL && - sieve_address_source_get_address(&env_from, svinst, - senv, msgctx, aenv->flags, &sender) < 0 ) + if (sender != NULL && + sieve_address_source_get_address( + &env_from, svinst, senv, msgctx, aenv->flags, + &sender) < 0) sender = NULL; } else { /* No envelope available */ - if ( (ret=sieve_address_source_get_address(&env_from, svinst, - senv, msgctx, aenv->flags, &sender)) < 0 ) { + ret = sieve_address_source_get_address( + &env_from, svinst, senv, msgctx, aenv->flags, &sender); + if (ret < 0) { sender = NULL; - } else if ( ret == 0 ) { + } else if (ret == 0) { sender = svinst->user_email; } } @@ -339,29 +342,31 @@ sctx = sieve_smtp_start_single(senv, ctx->to_address, sender, &output); /* Remove unwanted headers */ - input = i_stream_create_header_filter - (input, HEADER_FILTER_EXCLUDE | HEADER_FILTER_NO_CR, hide_headers, - N_ELEMENTS(hide_headers), *null_header_filter_callback, (void *)NULL); + input = i_stream_create_header_filter( + input, HEADER_FILTER_EXCLUDE | HEADER_FILTER_NO_CR, + hide_headers, N_ELEMENTS(hide_headers), + *null_header_filter_callback, (void *)NULL); T_BEGIN { string_t *hdr = t_str_new(256); const struct smtp_address *user_email; /* Prepend sieve headers (should not affect signatures) */ - rfc2822_header_append(hdr, - "X-Sieve", SIEVE_IMPLEMENTATION, FALSE, NULL); - if ( svinst->user_email == NULL && - (aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0 ) + rfc2822_header_append(hdr, "X-Sieve", SIEVE_IMPLEMENTATION, + FALSE, NULL); + if (svinst->user_email == NULL && + (aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0) user_email = sieve_message_get_final_recipient(msgctx); else user_email = sieve_get_user_email(aenv->svinst); - if ( user_email != NULL ) { + if (user_email != NULL) { rfc2822_header_append(hdr, "X-Sieve-Redirected-From", - smtp_address_encode(user_email), FALSE, NULL); + smtp_address_encode(user_email), + FALSE, NULL); } /* Add new Message-ID if message doesn't have one */ - if ( new_msg_id != NULL ) + if (new_msg_id != NULL) rfc2822_header_write(hdr, "Message-ID", new_msg_id); o_stream_nsend(output, str_data(hdr), str_len(hdr)); @@ -370,20 +375,22 @@ o_stream_nsend_istream(output, input); if (input->stream_errno != 0) { - sieve_result_critical(aenv, - "redirect action: failed to read input message", + sieve_result_critical( + aenv, "redirect action: " + "failed to read input message", "redirect action: read(%s) failed: %s", i_stream_get_name(input), i_stream_get_error(input)); i_stream_unref(&input); return SIEVE_EXEC_TEMP_FAILURE; } - i_stream_unref(&input); + i_stream_unref(&input); /* Close SMTP transport */ - if ( (ret=sieve_smtp_finish(sctx, &error)) <= 0 ) { - if ( ret < 0 ) { - sieve_result_global_error(aenv, + if ((ret = sieve_smtp_finish(sctx, &error)) <= 0) { + if (ret < 0) { + sieve_result_global_error( + aenv, "redirect action: " "failed to redirect message to <%s>: %s " "(temporary failure)", smtp_address_encode(ctx->to_address), @@ -391,7 +398,8 @@ return SIEVE_EXEC_TEMP_FAILURE; } - sieve_result_global_log_error(aenv, + sieve_result_global_log_error( + aenv, "redirect action: " "failed to redirect message to <%s>: %s " "(permanent failure)", smtp_address_encode(ctx->to_address), @@ -402,55 +410,36 @@ return SIEVE_EXEC_OK; } -static int act_redirect_commit -(const struct sieve_action *action, - const struct sieve_action_exec_env *aenv, void *tr_context ATTR_UNUSED, - bool *keep) +static int +act_redirect_get_duplicate_id(struct act_redirect_context *ctx, + const struct sieve_action_exec_env *aenv, + const char *msg_id, const char **dupeid_r) { - struct sieve_instance *svinst = aenv->svinst; - struct act_redirect_context *ctx = - (struct act_redirect_context *) action->context; struct sieve_message_context *msgctx = aenv->msgctx; - struct mail *mail = ( action->mail != NULL ? - action->mail : sieve_message_get_mail(msgctx) ); const struct sieve_message_data *msgdata = aenv->msgdata; - const struct sieve_script_env *senv = aenv->scriptenv; + struct mail *mail = msgdata->mail; const struct smtp_address *recipient; - const char *msg_id = msgdata->id, *new_msg_id = NULL; - const char *dupeid, *resent_id = NULL; - const char *list_id = NULL; - int ret; - - /* - * Prevent mail loops - */ + const char *resent_id = NULL, *list_id = NULL; /* Read identifying headers */ - if ( mail_get_first_header - (msgdata->mail, "resent-message-id", &resent_id) < 0 ) { - return sieve_result_mail_error(aenv, mail, + if (mail_get_first_header(mail, "resent-message-id", &resent_id) < 0) { + return sieve_result_mail_error( + aenv, mail, "redirect action: " "failed to read header field `resent-message-id'"); } - if ( resent_id == NULL ) { - if ( mail_get_first_header - (msgdata->mail, "resent-from", &resent_id) < 0 ) { - return sieve_result_mail_error(aenv, mail, - "failed to read header field `resent-from'"); - } + if (resent_id == NULL && + mail_get_first_header(mail, "resent-from", &resent_id) < 0) { + return sieve_result_mail_error( + aenv, mail, "redirect action: " + "failed to read header field `resent-from'"); } - if ( mail_get_first_header - (msgdata->mail, "list-id", &list_id) < 0 ) { - return sieve_result_mail_error(aenv, mail, + if (mail_get_first_header(mail, "list-id", &list_id) < 0) { + return sieve_result_mail_error( + aenv, mail, "redirect action: " "failed to read header field `list-id'"); } - /* Create Message-ID for the message if it has none */ - if ( msg_id == NULL ) { - msg_id = new_msg_id = - sieve_message_get_new_id(aenv->svinst); - } - - if ( (aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0 ) + if ((aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0) recipient = sieve_message_get_orig_recipient(msgctx); else recipient = sieve_get_user_email(aenv->svinst); @@ -463,34 +452,132 @@ the original message - if the message came through a mailing list: the mailinglist ID */ - dupeid = t_strdup_printf("%s-%s-%s-%s-%s", msg_id, + *dupeid_r = t_strdup_printf("%s-%s-%s-%s-%s", msg_id, (recipient != NULL ? smtp_address_encode(recipient) : ""), smtp_address_encode(ctx->to_address), (resent_id != NULL ? resent_id : ""), (list_id != NULL ? list_id : "")); + return SIEVE_EXEC_OK; +} + +static int +act_redirect_check_loop_header(const struct sieve_action_exec_env *aenv, + struct mail *mail, bool *loop_detected_r) +{ + struct sieve_message_context *msgctx = aenv->msgctx; + const char *const *headers; + const char *recipient, *user_email; + const struct smtp_address *addr; + int ret; + + *loop_detected_r = FALSE; + + ret = mail_get_headers(mail, "x-sieve-redirected-from", &headers); + if (ret < 0 ) { + return sieve_result_mail_error( + aenv, mail, "redirect action: " + "failed to read header field " + "`x-sieve-redirected-from'"); + } + + if (ret == 0) + return SIEVE_EXEC_OK; + + recipient = user_email = NULL; + if ((aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0) { + addr = sieve_message_get_final_recipient(msgctx); + if (addr != NULL) + recipient = smtp_address_encode(addr); + } + addr = sieve_get_user_email(aenv->svinst); + if (addr != NULL) + user_email = smtp_address_encode(addr); + + while (*headers != NULL) { + const char *header = t_str_trim(*headers, " \t\r\n"); + if (recipient != NULL && strcmp(header, recipient) == 0) { + *loop_detected_r = TRUE; + break; + } + if (user_email != NULL && strcmp(header, user_email) == 0) { + *loop_detected_r = TRUE; + break; + } + headers++; + } + + return SIEVE_EXEC_OK; +} + +static int +act_redirect_commit(const struct sieve_action *action, + const struct sieve_action_exec_env *aenv, + void *tr_context ATTR_UNUSED, bool *keep) +{ + struct sieve_instance *svinst = aenv->svinst; + struct act_redirect_context *ctx = + (struct act_redirect_context *) action->context; + struct sieve_message_context *msgctx = aenv->msgctx; + struct mail *mail = (action->mail != NULL ? + action->mail : sieve_message_get_mail(msgctx)); + const struct sieve_message_data *msgdata = aenv->msgdata; + const struct sieve_script_env *senv = aenv->scriptenv; + const char *msg_id = msgdata->id, *new_msg_id = NULL; + const char *dupeid = NULL; + bool loop_detected = FALSE; + int ret; + + /* + * Prevent mail loops + */ + + /* Create Message-ID for the message if it has none */ + if (msg_id == NULL) + msg_id = new_msg_id = sieve_message_get_new_id(aenv->svinst); + + /* Create ID for duplicate database lookup */ + ret = act_redirect_get_duplicate_id(ctx, aenv, msg_id, &dupeid); + if (ret != SIEVE_EXEC_OK) + return ret; + i_assert(dupeid != NULL); /* Check whether we've seen this message before */ - if (sieve_action_duplicate_check - (senv, dupeid, strlen(dupeid))) { - sieve_result_global_log(aenv, + if (sieve_action_duplicate_check(senv, dupeid, strlen(dupeid))) { + sieve_result_global_log( + aenv, "redirect action: " "discarded duplicate forward to <%s>", smtp_address_encode(ctx->to_address)); *keep = FALSE; return SIEVE_EXEC_OK; } + /* Check whether we've seen this message before based on added headers + */ + ret = act_redirect_check_loop_header(aenv, mail, &loop_detected); + if (ret != SIEVE_EXEC_OK) + return ret; + if (loop_detected) { + sieve_result_global_log( + aenv, "redirect action: " + "not forwarding message to <%s>: " + "the `x-sieve-redirected-from' header indicates a mail loop", + smtp_address_encode(ctx->to_address)); + return SIEVE_EXEC_OK; + } + /* * Try to forward the message */ - if ( (ret=act_redirect_send - (aenv, mail, ctx, new_msg_id)) == SIEVE_EXEC_OK) { - - /* Mark this message id as forwarded to the specified destination */ + ret = act_redirect_send(aenv, mail, ctx, new_msg_id); + if (ret == SIEVE_EXEC_OK) { + /* Mark this message id as forwarded to the specified + destination */ sieve_action_duplicate_mark(senv, dupeid, strlen(dupeid), ioloop_time + svinst->redirect_duplicate_period); - sieve_result_global_log(aenv, "forwarded to <%s>", + sieve_result_global_log( + aenv, "redirect action: forwarded to <%s>", smtp_address_encode(ctx->to_address)); /* Indicate that message was successfully forwarded */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/plugins/editheader/ext-editheader-common.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/plugins/editheader/ext-editheader-common.c --- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/plugins/editheader/ext-editheader-common.c 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/plugins/editheader/ext-editheader-common.c 2019-04-30 14:26:38.000000000 +0200 @@ -156,6 +156,8 @@ if ( strcasecmp(hname, "subject") == 0 ) return TRUE; + if ( strcasecmp(hname, "x-sieve-redirected-from") == 0 ) + return FALSE; if ( (header=ext_editheader_config_header_find (ext_config, hname)) == NULL ) @@ -174,6 +176,8 @@ if ( strcasecmp(hname, "received") == 0 || strcasecmp(hname, "auto-submitted") == 0 ) return FALSE; + if ( strcasecmp(hname, "x-sieve-redirected-from") == 0 ) + return FALSE; if ( strcasecmp(hname, "subject") == 0 ) return TRUE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve-result.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve-result.c --- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve-result.c 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve-result.c 2019-04-30 14:26:38.000000000 +0200 @@ -139,8 +139,7 @@ sieve_message_context_unref(&(*result)->action_env.msgctx); - if ( hash_table_is_created((*result)->action_contexts) ) - hash_table_destroy(&(*result)->action_contexts); + hash_table_destroy(&(*result)->action_contexts); if ( (*result)->action_env.ehandler != NULL ) sieve_error_handler_unref(&(*result)->action_env.ehandler); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve.c --- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve.c 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve.c 2019-04-30 14:26:38.000000000 +0200 @@ -714,14 +714,16 @@ sieve_multiscript_execute(mscript, action_ehandler, flags, &mscript->keep); } - mscript->active = - ( mscript->active && mscript->keep && mscript->status > 0 ); + if ( !mscript->keep ) + mscript->active = FALSE; } - if ( mscript->status <= 0 ) + if ( !mscript->active || mscript->status <= 0 ) { + mscript->active = FALSE; return FALSE; + } - return mscript->active; + return TRUE; } bool sieve_multiscript_will_discard diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/plugins/imapsieve/imap-sieve-storage.c new/dovecot-2.3-pigeonhole-0.5.6/src/plugins/imapsieve/imap-sieve-storage.c --- old/dovecot-2.3-pigeonhole-0.5.5/src/plugins/imapsieve/imap-sieve-storage.c 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/src/plugins/imapsieve/imap-sieve-storage.c 2019-04-30 14:26:38.000000000 +0200 @@ -1157,8 +1157,7 @@ if (isuser->isieve != NULL) imap_sieve_deinit(&isuser->isieve); - if (hash_table_is_created(isuser->mbox_rules)) - hash_table_destroy(&isuser->mbox_rules); + hash_table_destroy(&isuser->mbox_rules); if (array_is_created(&isuser->mbox_patterns)) array_free(&isuser->mbox_patterns); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/tests/execute/smtp.svtest new/dovecot-2.3-pigeonhole-0.5.6/tests/execute/smtp.svtest --- old/dovecot-2.3-pigeonhole-0.5.5/tests/execute/smtp.svtest 2019-03-05 12:53:18.000000000 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/tests/execute/smtp.svtest 2019-04-30 14:26:38.000000000 +0200 @@ -346,3 +346,104 @@ } } +/* + * Redirect mail loop (sieve_user_email) + */ + +test_result_reset; +test_set "message" text: +X-Sieve-Redirected-From: t.sirainen@example.net +From: stephan@example.org +To: tss@example.net +Subject: Frop! + +Frop! +. +; +test_set "envelope.from" "sirius@example.org"; +test_set "envelope.to" "timo@example.net"; +test_set "envelope.orig_to" "tss@example.net"; + +test_config_set "sieve_redirect_envelope_from" "user_email"; +test_config_set "sieve_user_email" "t.sirainen@example.net"; +test_config_reload; + +test "Redirect mail loop (sieve_user_email)" { + redirect "cras@example.net"; + + if not test_result_execute { + test_fail "failed to execute redirect"; + } + + if test_message :smtp 0 { + test_fail "failed to recognize mail loop"; + } +} + +/* + * Redirect mail loop (final recipient) + */ + +test_result_reset; +test_set "message" text: +X-Sieve-Redirected-From: timo@example.net +From: stephan@example.org +To: tss@example.net +Subject: Frop! + +Frop! +. +; +test_set "envelope.from" "sirius@example.org"; +test_set "envelope.to" "timo@example.net"; +test_set "envelope.orig_to" "tss@example.net"; + +test_config_reload; + +test "Redirect mail loop (final recipient)" { + redirect "cras@example.net"; + + if not test_result_execute { + test_fail "failed to execute redirect"; + } + + if test_message :smtp 0 { + test_fail "failed to recognize mail loop"; + } +} + +/* + * Redirect mail loop (multiple headers) + */ + +test_result_reset; +test_set "message" text: +X-Sieve-Redirected-From: stephan@example.net +From: stephan@example.org +To: tss@example.net +Subject: Frop! +X-Sieve-Redirected-From: t.sirainen@example.net +X-Sieve-Redirected-From: t.sirainen@example.com + +Frop! +. +; +test_set "envelope.from" "sirius@example.org"; +test_set "envelope.to" "timo@example.net"; +test_set "envelope.orig_to" "tss@example.net"; + +test_config_set "sieve_redirect_envelope_from" "user_email"; +test_config_set "sieve_user_email" "t.sirainen@example.net"; +test_config_reload; + +test "Redirect mail loop (sieve_user_email)" { + redirect "cras@example.net"; + + if not test_result_execute { + test_fail "failed to execute redirect"; + } + + if test_message :smtp 0 { + test_fail "failed to recognize mail loop"; + } +} ++++++ dovecot-2.3-pigeonhole-0.5.5.tar.gz -> dovecot-2.3.6.tar.gz ++++++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3-pigeonhole-0.5.5.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.5148/dovecot-2.3.6.tar.gz differ: char 5, line 1