commit dovecot23 for openSUSE:Factory

2 May 2019

Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-05-02 19:18:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and      /work/SRC/openSUSE:Factory/.dovecot23.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dovecot23"

Thu May  2 19:18:31 2019 rev:18 rq:699690 version:2.3.6

Changes:
--------

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes	2019-04-19 18:38:46.763214914 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.5148/dovecot23.changes	2019-05-02 19:18:38.661562344 +0200
@@ -1,0 +2,51 @@
+Tue Apr 30 13:49:18 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
+
+- update pigeonhole to 0.5.6
+  + sieve: Redirect loop prevention is sometimes ineffective.
+    Improve existing loop detection by also recognizing the
+    X-Sieve-Redirected-From header in incoming messages and
+    dropping redirect actions when it points to the sending
+    account. This header is already added by the redirect action,
+    so this improvement only adds an additional use of this header.
+  - sieve: Prevent execution of implicit keep upon temporary
+    failure occurring at runtime.
+
+-------------------------------------------------------------------
+Tue Apr 30 13:34:16 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
+
+- update to 2.3.6: (boo#1133624 boo#1133625)
+  * CVE-2019-11494: Submission-login crashed with signal 11 due to
+    null pointer access when authentication was aborted by
+    disconnecting.
+  * CVE-2019-11499: Submission-login crashed when authentication
+    was started over TLS secured channel and invalid authentication
+    message was sent.
+  * auth: Support password grant with passdb oauth2.
+  + Use system default CAs for outbound TLS connections.
+  + Simplify array handling with new helper macros.
+  + fts_solr: Enable configuring batch_size and soft_commit features.
+  - lmtp/submission: Fixed various bugs in XCLIENT handling,
+    including a hang when XCLIENT commands were sent infinitely to
+    the remote server.
+  - lmtp/submission: Forwarded multi-line replies were erroneously
+    sent as two replies to the client.
+  - lib-smtp: client: Message was not guaranteed to contain CRLF
+    consistently when CHUNKING was used.
+  - fts_solr: Plugin was no longer compatible with Solr 7.
+  - Make it possible to disable certificate checking without
+    setting ssl_client_ca_* settings.
+  - pop3c: SSL support was broken.
+  - mysql: Closing connection twice lead to crash on some systems.
+  - auth: Multiple oauth2 passdbs crashed auth process on deinit.
+  - HTTP client connection errors infrequently triggered a
+    segmentation fault when the connection was idle and not used
+    for a particular client instance.
+- drop https://github.com/dovecot/core/commit/3c5101ffd.patch
+
+-------------------------------------------------------------------
+Mon Apr 29 22:11:53 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
+
+- backport https://github.com/dovecot/core/commit/3c5101ffd.patch
+  [PATCH] driver-mysql: Avoid double-closing MySQL connection
+
+-------------------------------------------------------------------

Old:
----
  dovecot-2.3-pigeonhole-0.5.5.tar.gz
  dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig
  dovecot-2.3.5.2.tar.gz
  dovecot-2.3.5.2.tar.gz.sig

New:
----
  dovecot-2.3-pigeonhole-0.5.6.tar.gz
  dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig
  dovecot-2.3.6.tar.gz
  dovecot-2.3.6.tar.gz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dovecot23.spec ++++++
--- /var/tmp/diff_new_pack.2FCLCQ/_old	2019-05-02 19:18:39.597563992 +0200
+++ /var/tmp/diff_new_pack.2FCLCQ/_new	2019-05-02 19:18:39.601563999 +0200
@@ -17,11 +17,11 @@
 
 
 Name:           dovecot23
-Version:        2.3.5.2
+Version:        2.3.6
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.5.2
-%define dovecot_pigeonhole_version 0.5.5
+%define dovecot_version 2.3.6
+%define dovecot_pigeonhole_version 0.5.6
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole

++++++ dovecot-2.3-pigeonhole-0.5.5.tar.gz -> dovecot-2.3-pigeonhole-0.5.6.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog
--- old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog	2019-03-05 12:53:28.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog	2019-04-30 14:26:49.000000000 +0200
@@ -1,11 +1,132 @@
-2019-03-05 13:48:57 +0200 Aki Tuomi <aki.tuomi@open-xchange.com> (2483b085)
+2019-04-30 14:30:41 +0300 Aki Tuomi <aki.tuomi@open-xchange.com> (92dc263a)
 
-    Release v0.5.5 for Dovecot v2.3.5
+    Released v0.5.6
 
 
 M	configure.ac
 
-2019-03-04 15:01:08 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (0a9f9095)
+2019-04-30 14:26:16 +0300 Aki Tuomi <aki.tuomi@open-xchange.com> (18751d35)
+
+    NEWS: Add news for v0.5.6
+
+
+M	NEWS
+
+2019-01-16 08:51:09 -0500 Josef 'Jeff' Sipek <jeffpc@josefsipek.net> (ea20d2d9)
+
+    global: hash_table_destroy(NULL) is a no-op
+
+    @@ expression E;
+    @@
+
+    - if (hash_table_is_created(E)) {
+    -       hash_table_destroy(&E);
+    - }
+    + hash_table_destroy(&E);
+
+M	src/lib-sieve/sieve-result.c
+M	src/plugins/imapsieve/imap-sieve-storage.c
+
+2019-01-24 22:46:09 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (3733c159)
+
+    lib-sieve: Prevent execution of implicit keep upon temporary failure
+    occurring at runtime.
+
+
+M	src/lib-sieve/sieve.c
+
+2018-12-12 18:46:50 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (76a44097)
+
+    lib-sieve: redirect action: Assert that dupeid is not NULL when
+    act_redirect_get_duplicate_id() is successful.
+
+    Addresses scan-build report.
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-12 18:45:00 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (2c5a4cb5)
+
+    lib-sieve: redirect action: Fix lack of NULL checking in new
+    X-Sieve-Redirected-From header comparisons.
+
+    Problem found by scan-build.
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-11 17:29:18 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (049de1fc)
+
+    lib-sieve: redirect action: Implement additional protection against mail
+    loops.
+
+    Also check the X-Sieve-Redirected-From header for our own e-mail addresses.
+    This header is added by the redirect action itself and in a mail loop it
+    would see that same header with that same content. This is less reliable
+    than the other mail loop detection (sender may set such a header), so,
+    unlike the existing loop detection based on the duplicate db, the implicit
+    keep is not canceled when the new loop detection is triggered.
+
+M	src/lib-sieve/cmd-redirect.c
+M	tests/execute/smtp.svtest
+
+2018-12-11 17:27:20 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (663ac718)
+
+    lib-sieve: redirect action: Put msgdata->mail in local variable in
+    act_redirect_get_duplicate_id().
+
+    Serves as an abbreviation.
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-11 17:26:56 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (c3c9a521)
+
+    lib-sieve: redirect action: Move composition of duplicate database ID to
+    separate function.
+
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-11 20:28:51 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (2c52769b)
+
+    lib-sieve: redirect action: Give log messages emitted during execution a
+    uniform prefix.
+
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-11 17:25:12 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (dd626dfe)
+
+    lib-sieve: redirect action: Report errors on original message in
+    act_redirect_commit().
+
+    It was errorneously using the (potentially) modified mail struct for error 
+    reporting.
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-11 17:24:38 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (88792972)
+
+    lib-sieve: redirect action: Update coding style of act_redirect_commit().
+
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-11 20:25:12 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (7d2d1eca)
+
+    lib-sieve: redirect action: Update coding style of act_redirect_send().
+
+
+M	src/lib-sieve/cmd-redirect.c
+
+2018-12-11 17:23:06 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (4ef89d76)
+
+    lib-sieve: editheader extension: Protect the X-Sieve-Redirected-From header
+    against modification.
+
+    This prevents users from messing with redirect loop detection.
+
+M	src/lib-sieve/plugins/editheader/ext-editheader-common.c
+
+2019-03-04 15:01:08 +0100 Stephan Bosch <stephan.bosch@dovecot.fi> (73378b27)
 
     Update NEWS file for v0.5.5 release.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/NEWS new/dovecot-2.3-pigeonhole-0.5.6/NEWS
--- old/dovecot-2.3-pigeonhole-0.5.5/NEWS	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/NEWS	2019-04-30 14:26:38.000000000 +0200
@@ -1,3 +1,14 @@
+v0.5.6 2019-04-30  Aki Tuomi <aki.tuomi@open-xchange.com>
+
+	+ sieve: Redirect loop prevention is sometimes ineffective. Improve
+	  existing loop detection by also recognizing the
+	  X-Sieve-Redirected-From header in incoming messages and dropping
+	  redirect actions when it points to the sending account. This header
+	  is already added by the redirect action, so this improvement only
+	  adds an additional use of this header.
+	- sieve: Prevent execution of implicit keep upon temporary failure
+	  occurring at runtime.
+
 v0.5.5 2019-03-05  Stephan Bosch <stephan@rename-it.nl>
 
 	+ IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/configure new/dovecot-2.3-pigeonhole-0.5.6/configure
--- old/dovecot-2.3-pigeonhole-0.5.5/configure	2019-03-05 12:53:23.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/configure	2019-04-30 14:26:43.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for Pigeonhole 0.5.5.
+# Generated by GNU Autoconf 2.69 for Pigeonhole 0.5.6.
 #
 # Report bugs to <dovecot@dovecot.org>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='Pigeonhole'
 PACKAGE_TARNAME='dovecot-2.3-pigeonhole'
-PACKAGE_VERSION='0.5.5'
-PACKAGE_STRING='Pigeonhole 0.5.5'
+PACKAGE_VERSION='0.5.6'
+PACKAGE_STRING='Pigeonhole 0.5.6'
 PACKAGE_BUGREPORT='dovecot@dovecot.org'
 PACKAGE_URL=''
 
@@ -1413,7 +1413,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Pigeonhole 0.5.5 to adapt to many kinds of systems.
+\`configure' configures Pigeonhole 0.5.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1485,7 +1485,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Pigeonhole 0.5.5:";;
+     short | recursive ) echo "Configuration of Pigeonhole 0.5.6:";;
    esac
   cat <<\_ACEOF
 
@@ -1610,7 +1610,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Pigeonhole configure 0.5.5
+Pigeonhole configure 0.5.6
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1979,7 +1979,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Pigeonhole $as_me 0.5.5, which was
+It was created by Pigeonhole $as_me 0.5.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2329,7 +2329,7 @@
 
 
 cat >>confdefs.h <<_ACEOF
-#define PIGEONHOLE_ABI_VERSION "0.5.ABIv0($PACKAGE_VERSION)"
+#define PIGEONHOLE_ABI_VERSION "0.5.ABIv6($PACKAGE_VERSION)"
 _ACEOF
 
 
@@ -2869,7 +2869,7 @@
 
 # Define the identity of the package.
  PACKAGE='dovecot-2.3-pigeonhole'
- VERSION='0.5.5'
+ VERSION='0.5.6'
 
 
 # Some tools Automake needs.
@@ -13907,7 +13907,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Pigeonhole $as_me 0.5.5, which was
+This file was extended by Pigeonhole $as_me 0.5.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -13973,7 +13973,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-Pigeonhole config.status 0.5.5
+Pigeonhole config.status 0.5.6
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/configure.ac new/dovecot-2.3-pigeonhole-0.5.6/configure.ac
--- old/dovecot-2.3-pigeonhole-0.5.5/configure.ac	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/configure.ac	2019-04-30 14:26:38.000000000 +0200
@@ -2,8 +2,8 @@
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Pigeonhole], [0.5.5], [dovecot@dovecot.org], [dovecot-2.3-pigeonhole])
-AC_DEFINE_UNQUOTED([PIGEONHOLE_ABI_VERSION], "0.5.ABIv0($PACKAGE_VERSION)", [Pigeonhole ABI version])
+AC_INIT([Pigeonhole], [0.5.6], [dovecot@dovecot.org], [dovecot-2.3-pigeonhole])
+AC_DEFINE_UNQUOTED([PIGEONHOLE_ABI_VERSION], "0.5.ABIv6($PACKAGE_VERSION)", [Pigeonhole ABI version])
 
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_SRCDIR([src])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/pigeonhole-version.h new/dovecot-2.3-pigeonhole-0.5.6/pigeonhole-version.h
--- old/dovecot-2.3-pigeonhole-0.5.5/pigeonhole-version.h	2019-03-05 12:53:28.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/pigeonhole-version.h	2019-04-30 14:26:48.000000000 +0200
@@ -1,6 +1,6 @@
 #ifndef PIGEONHOLE_VERSION_H
 #define PIGEONHOLE_VERSION_H
 
-#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (2483b085)"
+#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (92dc263a)"
 
 #endif /* PIGEONHOLE_VERSION_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/cmd-redirect.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/cmd-redirect.c
--- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/cmd-redirect.c	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/cmd-redirect.c	2019-04-30 14:26:38.000000000 +0200
@@ -275,13 +275,13 @@
 	*keep = FALSE;
 }
 
-static int act_redirect_send
-(const struct sieve_action_exec_env *aenv, struct mail *mail,
-	struct act_redirect_context *ctx, const char *new_msg_id)
+static int
+act_redirect_send(const struct sieve_action_exec_env *aenv, struct mail *mail,
+		  struct act_redirect_context *ctx, const char *new_msg_id)
 	ATTR_NULL(4)
 {
 	static const char *hide_headers[] =
-		{ "Return-Path", "X-Sieve", "X-Sieve-Redirected-From" };
+		{ "Return-Path" };
 	struct sieve_instance *svinst = aenv->svinst;
 	struct sieve_message_context *msgctx = aenv->msgctx;
 	const struct sieve_script_env *senv = aenv->scriptenv;
@@ -294,43 +294,46 @@
 	int ret;
 
 	/* Just to be sure */
-	if ( !sieve_smtp_available(senv) ) {
-		sieve_result_global_warning
-			(aenv, "redirect action has no means to send mail.");
+	if (!sieve_smtp_available(senv)) {
+		sieve_result_global_warning(
+			aenv, "redirect action: no means to send mail");
 		return SIEVE_EXEC_FAILURE;
 	}
 
 	if (mail_get_stream(mail, NULL, NULL, &input) < 0) {
-		return sieve_result_mail_error(aenv, mail,
-			"redirect action: failed to read input message");
+		return sieve_result_mail_error(
+			aenv, mail, "redirect action: "
+			"failed to read input message");
 	}
 
 	/* Determine which sender to use
 
 	   From RFC 5228, Section 4.2:
 
-		 The envelope sender address on the outgoing message is chosen by the
-		 sieve implementation.  It MAY be copied from the message being
-		 processed.  However, if the message being processed has an empty
-		 envelope sender address the outgoing message MUST also have an empty
-		 envelope sender address.  This last requirement is imposed to prevent
-		 loops in the case where a message is redirected to an invalid address
-		 when then returns a delivery status notification that also ends up
-		 being redirected to the same invalid address.
+	   The envelope sender address on the outgoing message is chosen by the
+	   sieve implementation. It MAY be copied from the message being
+	   processed. However, if the message being processed has an empty
+	   envelope sender address the outgoing message MUST also have an empty
+	   envelope sender address. This last requirement is imposed to prevent
+	   loops in the case where a message is redirected to an invalid address
+	   when then returns a delivery status notification that also ends up
+	   being redirected to the same invalid address.
 	 */
-	if ( (aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0 ) {
+	if ((aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0) {
 		/* Envelope available */
 		sender = sieve_message_get_sender(msgctx);
-		if ( sender != NULL &&
-			sieve_address_source_get_address(&env_from, svinst,
-				senv, msgctx, aenv->flags, &sender) < 0 )
+		if (sender != NULL &&
+		    sieve_address_source_get_address(
+			&env_from, svinst, senv, msgctx, aenv->flags,
+			&sender) < 0)
 			sender = NULL;
 	} else {
 		/* No envelope available */
-		if ( (ret=sieve_address_source_get_address(&env_from, svinst,
-			senv, msgctx, aenv->flags, &sender)) < 0 ) {
+		ret = sieve_address_source_get_address(
+			&env_from, svinst, senv, msgctx, aenv->flags, &sender);
+		if (ret < 0) {
 			sender = NULL;
-		} else if ( ret == 0 ) {
+		} else if (ret == 0) {
 			sender = svinst->user_email;
 		}
 	}
@@ -339,29 +342,31 @@
 	sctx = sieve_smtp_start_single(senv, ctx->to_address, sender, &output);
 
 	/* Remove unwanted headers */
-	input = i_stream_create_header_filter
-		(input, HEADER_FILTER_EXCLUDE | HEADER_FILTER_NO_CR, hide_headers,
-			N_ELEMENTS(hide_headers), *null_header_filter_callback, (void *)NULL);
+	input = i_stream_create_header_filter(
+		input, HEADER_FILTER_EXCLUDE | HEADER_FILTER_NO_CR,
+		hide_headers, N_ELEMENTS(hide_headers),
+		*null_header_filter_callback, (void *)NULL);
 
 	T_BEGIN {
 		string_t *hdr = t_str_new(256);
 		const struct smtp_address *user_email;
 
 		/* Prepend sieve headers (should not affect signatures) */
-		rfc2822_header_append(hdr,
-			"X-Sieve", SIEVE_IMPLEMENTATION, FALSE, NULL);
-		if ( svinst->user_email == NULL &&
-			(aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0 )
+		rfc2822_header_append(hdr, "X-Sieve", SIEVE_IMPLEMENTATION,
+				      FALSE, NULL);
+		if (svinst->user_email == NULL &&
+		    (aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0)
 			user_email = sieve_message_get_final_recipient(msgctx);
 		else
 			user_email = sieve_get_user_email(aenv->svinst);
-		if ( user_email != NULL ) {
+		if (user_email != NULL) {
 			rfc2822_header_append(hdr, "X-Sieve-Redirected-From",
-				smtp_address_encode(user_email), FALSE, NULL);
+					      smtp_address_encode(user_email),
+					      FALSE, NULL);
 		}
 
 		/* Add new Message-ID if message doesn't have one */
-		if ( new_msg_id != NULL )
+		if (new_msg_id != NULL)
 			rfc2822_header_write(hdr, "Message-ID", new_msg_id);
 
 		o_stream_nsend(output, str_data(hdr), str_len(hdr));
@@ -370,20 +375,22 @@
 	o_stream_nsend_istream(output, input);
 
 	if (input->stream_errno != 0) {
-		sieve_result_critical(aenv,
-			"redirect action: failed to read input message",
+		sieve_result_critical(
+			aenv, "redirect action: "
+			"failed to read input message",
 			"redirect action: read(%s) failed: %s",
 			i_stream_get_name(input),
 			i_stream_get_error(input));
 		i_stream_unref(&input);
 		return SIEVE_EXEC_TEMP_FAILURE;
 	}
-  i_stream_unref(&input);
+	i_stream_unref(&input);
 
 	/* Close SMTP transport */
-	if ( (ret=sieve_smtp_finish(sctx, &error)) <= 0 ) {
-		if ( ret < 0 ) {
-			sieve_result_global_error(aenv,
+	if ((ret = sieve_smtp_finish(sctx, &error)) <= 0) {
+		if (ret < 0) {
+			sieve_result_global_error(
+				aenv, "redirect action: "
 				"failed to redirect message to <%s>: %s "
 				"(temporary failure)",
 				smtp_address_encode(ctx->to_address),
@@ -391,7 +398,8 @@
 			return SIEVE_EXEC_TEMP_FAILURE;
 		}
 
-		sieve_result_global_log_error(aenv,
+		sieve_result_global_log_error(
+			aenv, "redirect action: "
 			"failed to redirect message to <%s>: %s "
 			"(permanent failure)",
 			smtp_address_encode(ctx->to_address),
@@ -402,55 +410,36 @@
 	return SIEVE_EXEC_OK;
 }
 
-static int act_redirect_commit
-(const struct sieve_action *action,
-	const struct sieve_action_exec_env *aenv, void *tr_context ATTR_UNUSED,
-	bool *keep)
+static int
+act_redirect_get_duplicate_id(struct act_redirect_context *ctx,
+			      const struct sieve_action_exec_env *aenv,
+			      const char *msg_id, const char **dupeid_r)
 {
-	struct sieve_instance *svinst = aenv->svinst;
-	struct act_redirect_context *ctx =
-		(struct act_redirect_context *) action->context;
 	struct sieve_message_context *msgctx = aenv->msgctx;
-	struct mail *mail =	( action->mail != NULL ?
-		action->mail : sieve_message_get_mail(msgctx) );
 	const struct sieve_message_data *msgdata = aenv->msgdata;
-	const struct sieve_script_env *senv = aenv->scriptenv;
+	struct mail *mail = msgdata->mail;
 	const struct smtp_address *recipient;
-	const char *msg_id = msgdata->id, *new_msg_id = NULL;
-	const char *dupeid, *resent_id = NULL;
-	const char *list_id = NULL;
-	int ret;
-
-	/*
-	 * Prevent mail loops
-	 */
+	const char *resent_id = NULL, *list_id = NULL;
 
 	/* Read identifying headers */
-	if ( mail_get_first_header
-		(msgdata->mail, "resent-message-id", &resent_id) < 0 ) {
-		return sieve_result_mail_error(aenv, mail,
+	if (mail_get_first_header(mail, "resent-message-id", &resent_id) < 0) {
+		return sieve_result_mail_error(
+			aenv, mail, "redirect action: "
 			"failed to read header field `resent-message-id'");
 	}
-	if ( resent_id == NULL ) {
-		if ( mail_get_first_header
-			(msgdata->mail, "resent-from", &resent_id) < 0 ) {
-			return sieve_result_mail_error(aenv, mail,
-				"failed to read header field `resent-from'");
-		}
+	if (resent_id == NULL &&
+	    mail_get_first_header(mail, "resent-from", &resent_id) < 0) {
+		return sieve_result_mail_error(
+			aenv, mail, "redirect action: "
+			"failed to read header field `resent-from'");
 	}
-	if ( mail_get_first_header
-		(msgdata->mail, "list-id", &list_id) < 0 ) {
-		return sieve_result_mail_error(aenv, mail,
+	if (mail_get_first_header(mail, "list-id", &list_id) < 0) {
+		return sieve_result_mail_error(
+			aenv, mail, "redirect action: "
 			"failed to read header field `list-id'");
 	}
 
-	/* Create Message-ID for the message if it has none */
-	if ( msg_id == NULL ) {	
-		msg_id = new_msg_id =
-			sieve_message_get_new_id(aenv->svinst);
-	}
-
-	if ( (aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0 )
+	if ((aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0)
 		recipient = sieve_message_get_orig_recipient(msgctx);
 	else
 		recipient = sieve_get_user_email(aenv->svinst);
@@ -463,34 +452,132 @@
 		   the original message
 	   - if the message came through a mailing list: the mailinglist ID
 	 */
-	dupeid = t_strdup_printf("%s-%s-%s-%s-%s", msg_id,
+	*dupeid_r = t_strdup_printf("%s-%s-%s-%s-%s", msg_id,
 		(recipient != NULL ? smtp_address_encode(recipient) : ""),
 		smtp_address_encode(ctx->to_address),
 		(resent_id != NULL ? resent_id : ""),
 		(list_id != NULL ? list_id : ""));
+	return SIEVE_EXEC_OK;
+}
+
+static int
+act_redirect_check_loop_header(const struct sieve_action_exec_env *aenv,
+			       struct mail *mail, bool *loop_detected_r)
+{
+	struct sieve_message_context *msgctx = aenv->msgctx;
+	const char *const *headers;
+	const char *recipient, *user_email;
+	const struct smtp_address *addr;
+	int ret;
+
+	*loop_detected_r = FALSE;
+
+	ret = mail_get_headers(mail, "x-sieve-redirected-from", &headers);
+	if (ret < 0 ) {
+		return sieve_result_mail_error(
+			aenv, mail, "redirect action: "
+			"failed to read header field "
+			"`x-sieve-redirected-from'");
+	}
+
+	if (ret == 0)
+		return SIEVE_EXEC_OK;
+
+	recipient = user_email = NULL;
+	if ((aenv->flags & SIEVE_EXECUTE_FLAG_NO_ENVELOPE) == 0) {
+		addr = sieve_message_get_final_recipient(msgctx);
+		if (addr != NULL)
+			recipient = smtp_address_encode(addr);
+	}
+	addr = sieve_get_user_email(aenv->svinst);
+	if (addr != NULL)
+		user_email = smtp_address_encode(addr);
+
+	while (*headers != NULL) {
+		const char *header = t_str_trim(*headers, " \t\r\n");
+		if (recipient != NULL && strcmp(header, recipient) == 0) {
+			*loop_detected_r = TRUE;
+			break;
+		}
+		if (user_email != NULL && strcmp(header, user_email) == 0) {
+			*loop_detected_r = TRUE;
+			break;
+		}
+		headers++;
+	}
+
+	return SIEVE_EXEC_OK;
+}
+
+static int
+act_redirect_commit(const struct sieve_action *action,
+		    const struct sieve_action_exec_env *aenv,
+		    void *tr_context ATTR_UNUSED, bool *keep)
+{
+	struct sieve_instance *svinst = aenv->svinst;
+	struct act_redirect_context *ctx =
+		(struct act_redirect_context *) action->context;
+	struct sieve_message_context *msgctx = aenv->msgctx;
+	struct mail *mail = (action->mail != NULL ?
+			     action->mail : sieve_message_get_mail(msgctx));
+	const struct sieve_message_data *msgdata = aenv->msgdata;
+	const struct sieve_script_env *senv = aenv->scriptenv;
+	const char *msg_id = msgdata->id, *new_msg_id = NULL;
+	const char *dupeid = NULL;
+	bool loop_detected = FALSE;
+	int ret;
+
+	/*
+	 * Prevent mail loops
+	 */
+
+	/* Create Message-ID for the message if it has none */
+	if (msg_id == NULL)
+		msg_id = new_msg_id = sieve_message_get_new_id(aenv->svinst);
+
+	/* Create ID for duplicate database lookup */
+	ret = act_redirect_get_duplicate_id(ctx, aenv, msg_id, &dupeid);
+	if (ret != SIEVE_EXEC_OK)
+		return ret;
+	i_assert(dupeid != NULL);
 
 	/* Check whether we've seen this message before */
-	if (sieve_action_duplicate_check
-		(senv, dupeid, strlen(dupeid))) {
-		sieve_result_global_log(aenv,
+	if (sieve_action_duplicate_check(senv, dupeid, strlen(dupeid))) {
+		sieve_result_global_log(
+			aenv, "redirect action: "
 			"discarded duplicate forward to <%s>",
 			smtp_address_encode(ctx->to_address));
 		*keep = FALSE;
 		return SIEVE_EXEC_OK;
 	}
 
+	/* Check whether we've seen this message before based on added headers
+	 */
+	ret = act_redirect_check_loop_header(aenv, mail, &loop_detected);
+	if (ret != SIEVE_EXEC_OK)
+		return ret;
+	if (loop_detected) {
+		sieve_result_global_log(
+			aenv, "redirect action: "
+			"not forwarding message to <%s>: "
+			"the `x-sieve-redirected-from' header indicates a mail loop",
+			smtp_address_encode(ctx->to_address));
+		return SIEVE_EXEC_OK;
+	}
+
 	/*
 	 * Try to forward the message
 	 */
 
-	if ( (ret=act_redirect_send
-		(aenv, mail, ctx, new_msg_id)) == SIEVE_EXEC_OK) {
-
-		/* Mark this message id as forwarded to the specified destination */
+	ret = act_redirect_send(aenv, mail, ctx, new_msg_id);
+	if (ret == SIEVE_EXEC_OK) {
+		/* Mark this message id as forwarded to the specified
+		   destination */
 		sieve_action_duplicate_mark(senv, dupeid, strlen(dupeid),
 			ioloop_time + svinst->redirect_duplicate_period);
 
-		sieve_result_global_log(aenv, "forwarded to <%s>",
+		sieve_result_global_log(
+			aenv, "redirect action: forwarded to <%s>",
 			smtp_address_encode(ctx->to_address));
 
 		/* Indicate that message was successfully forwarded */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/plugins/editheader/ext-editheader-common.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/plugins/editheader/ext-editheader-common.c
--- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/plugins/editheader/ext-editheader-common.c	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/plugins/editheader/ext-editheader-common.c	2019-04-30 14:26:38.000000000 +0200
@@ -156,6 +156,8 @@
 
 	if ( strcasecmp(hname, "subject") == 0 )
 		return TRUE;
+	if ( strcasecmp(hname, "x-sieve-redirected-from") == 0 )
+		return FALSE;
 
 	if ( (header=ext_editheader_config_header_find
 		(ext_config, hname)) == NULL )
@@ -174,6 +176,8 @@
 	if ( strcasecmp(hname, "received") == 0
 		|| strcasecmp(hname, "auto-submitted") == 0 )
 		return FALSE;
+	if ( strcasecmp(hname, "x-sieve-redirected-from") == 0 )
+		return FALSE;
 
 	if ( strcasecmp(hname, "subject") == 0 )
 		return TRUE;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve-result.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve-result.c
--- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve-result.c	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve-result.c	2019-04-30 14:26:38.000000000 +0200
@@ -139,8 +139,7 @@
 
 	sieve_message_context_unref(&(*result)->action_env.msgctx);
 
-	if ( hash_table_is_created((*result)->action_contexts) )
-        hash_table_destroy(&(*result)->action_contexts);
+	hash_table_destroy(&(*result)->action_contexts);
 
 	if ( (*result)->action_env.ehandler != NULL )
 		sieve_error_handler_unref(&(*result)->action_env.ehandler);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve.c new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve.c
--- old/dovecot-2.3-pigeonhole-0.5.5/src/lib-sieve/sieve.c	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/src/lib-sieve/sieve.c	2019-04-30 14:26:38.000000000 +0200
@@ -714,14 +714,16 @@
 			sieve_multiscript_execute(mscript,
 				action_ehandler, flags, &mscript->keep);
 		}
-		mscript->active =
-			( mscript->active && mscript->keep && mscript->status > 0 );
+		if ( !mscript->keep )
+			mscript->active = FALSE;
 	}
 
-	if ( mscript->status <= 0 )
+	if ( !mscript->active || mscript->status <= 0 ) {
+		mscript->active = FALSE;
 		return FALSE;
+	}
 
-	return mscript->active;
+	return TRUE;
 }
 
 bool sieve_multiscript_will_discard
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/src/plugins/imapsieve/imap-sieve-storage.c new/dovecot-2.3-pigeonhole-0.5.6/src/plugins/imapsieve/imap-sieve-storage.c
--- old/dovecot-2.3-pigeonhole-0.5.5/src/plugins/imapsieve/imap-sieve-storage.c	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/src/plugins/imapsieve/imap-sieve-storage.c	2019-04-30 14:26:38.000000000 +0200
@@ -1157,8 +1157,7 @@
 	if (isuser->isieve != NULL)
 		imap_sieve_deinit(&isuser->isieve);
 
-	if (hash_table_is_created(isuser->mbox_rules))
-		hash_table_destroy(&isuser->mbox_rules);
+	hash_table_destroy(&isuser->mbox_rules);
 	if (array_is_created(&isuser->mbox_patterns))
 		array_free(&isuser->mbox_patterns);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/tests/execute/smtp.svtest new/dovecot-2.3-pigeonhole-0.5.6/tests/execute/smtp.svtest
--- old/dovecot-2.3-pigeonhole-0.5.5/tests/execute/smtp.svtest	2019-03-05 12:53:18.000000000 +0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/tests/execute/smtp.svtest	2019-04-30 14:26:38.000000000 +0200
@@ -346,3 +346,104 @@
 	}
 }
 
+/*
+ * Redirect mail loop (sieve_user_email)
+ */
+
+test_result_reset;
+test_set "message" text:
+X-Sieve-Redirected-From: t.sirainen@example.net
+From: stephan@example.org
+To: tss@example.net
+Subject: Frop!
+
+Frop!
+.
+;
+test_set "envelope.from" "sirius@example.org";
+test_set "envelope.to" "timo@example.net";
+test_set "envelope.orig_to" "tss@example.net";
+
+test_config_set "sieve_redirect_envelope_from" "user_email";
+test_config_set "sieve_user_email" "t.sirainen@example.net";
+test_config_reload;
+
+test "Redirect mail loop (sieve_user_email)" {
+	redirect "cras@example.net";
+
+	if not test_result_execute {
+		test_fail "failed to execute redirect";
+	}
+
+	if test_message :smtp 0 {
+		test_fail "failed to recognize mail loop";
+	}
+}
+
+/*
+ * Redirect mail loop (final recipient)
+ */
+
+test_result_reset;
+test_set "message" text:
+X-Sieve-Redirected-From: timo@example.net
+From: stephan@example.org
+To: tss@example.net
+Subject: Frop!
+
+Frop!
+.
+;
+test_set "envelope.from" "sirius@example.org";
+test_set "envelope.to" "timo@example.net";
+test_set "envelope.orig_to" "tss@example.net";
+
+test_config_reload;
+
+test "Redirect mail loop (final recipient)" {
+	redirect "cras@example.net";
+
+	if not test_result_execute {
+		test_fail "failed to execute redirect";
+	}
+
+	if test_message :smtp 0 {
+		test_fail "failed to recognize mail loop";
+	}
+}
+
+/*
+ * Redirect mail loop (multiple headers)
+ */
+
+test_result_reset;
+test_set "message" text:
+X-Sieve-Redirected-From: stephan@example.net
+From: stephan@example.org
+To: tss@example.net
+Subject: Frop!
+X-Sieve-Redirected-From: t.sirainen@example.net
+X-Sieve-Redirected-From: t.sirainen@example.com
+
+Frop!
+.
+;
+test_set "envelope.from" "sirius@example.org";
+test_set "envelope.to" "timo@example.net";
+test_set "envelope.orig_to" "tss@example.net";
+
+test_config_set "sieve_redirect_envelope_from" "user_email";
+test_config_set "sieve_user_email" "t.sirainen@example.net";
+test_config_reload;
+
+test "Redirect mail loop (sieve_user_email)" {
+	redirect "cras@example.net";
+
+	if not test_result_execute {
+		test_fail "failed to execute redirect";
+	}
+
+	if test_message :smtp 0 {
+		test_fail "failed to recognize mail loop";
+	}
+}

++++++ dovecot-2.3-pigeonhole-0.5.5.tar.gz -> dovecot-2.3.6.tar.gz ++++++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3-pigeonhole-0.5.5.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.5148/dovecot-2.3.6.tar.gz differ: char 5, line 1

    

root

tags

participants (1)