- update to version 2.5.17
* Fixed: tools/git-version.sh did not need bash specifically
(gh#cyrusimap/cyrus-imapd#3143)
* Fixed: saved session reuse crash when TLS enabled for backend connections
(gh#cyrusimap/cyrus-imapd#3191)
* Fixed: XFER now recognises 3.4 and 3.5 backends
* Fixed: memory leak during backend auth state cleanup
(gh#cyrusimap/cyrus-imapd#3320)
* Fixed: use-after-free segfault in mupdate-client
(gh#cyrusimap/cyrus-imapd#3312)
- incorperating a lot of work from buschmann23@opensuse.org!
- added new packages libcyrus0 and perl-Cyrus-Annotator
- enabled mailbox event notification
- enabled clamav support
- enabled SQLite support
- enablee and run unit tests
- prepared http support (using bcond; requires libical < 3)
- deprecate BDB support: upstream drops it with 3.0
- deprecate SNMP support: upstream drops it with 3.4
- removed OpenSLP support
- configuration changes
* add some resource control settings to cyrus-imapd.service file
+ TasksMax=2048
+ LimitNOFILE=10000
+ Restart=on-failure
+ RestartSec=5
- create runtime directory structure under /run/cyrus-imapd with
systemd-tempfiles instead of unit RuntimeDirectory. This makes
it possible to store some files and folders on ephemeral storage
- update default shipped config files to use /run/cyrus-imapd
- dropped package conflicts for *cyrus-*-kolab; those packages weren't
build in a really, really long time, since they were obsoleted
with cyrus-imapd 2.4.
- removed patches now included upstream:
- cyrus-imapd-2.4.19_autocreate-0.10-0.patch
- cyrus-imapd-2.4.17_lmtp_catchall_mailbox.patch
- cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch
- cyrus-imapd-2.4.18-D19-Outlook_2013_XLIST.patch
- other dropped patches / unsupported, obsolete, out of maintenance:
- cyrus-imapd-2.4.17_openslp.patch
- cyrus-imapd-2.4.17_pie.patch
- rebased patches:
* cyrus-imapd-2.3.16_syslog-facility-doc.patch as
cyrus-imapd-2.5.13_syslog-facility-doc.patch
* cyrus-imapd-2.4.17_db6.patch as
cyrus-imapd-2.5.13_db6.patch
* cyrus-imapd-2.4.19-implicit_definitions.patch as
cyrus-imapd-2.5.13_implicit-definitions.patch
* cyrus-imapd-2.4.21-fix-bdb-function-conflict.patch as
cyrus-imapd-2.5.13-glibc-2.30-compatibility.patch
* cyrus-imapd-2.4.22-fix-cve-2021-33582.patch as
cyrus-imapd-2.5.17-fix-cve-2021-33582.patch
- various spec cleanups
* use conditional builds with bcond
* remove SysV init scripts
* remove conditionals for old openSUSE releases
* remove unnecessary dependencies
- Changelog of prior 2.5.x releases:
* see https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html
- update to version 2.5.16
* Fixed: XFER now correctly distinguishes between 2.3.x releases
* Fixed Issue #3123: XFER now recognises 3.1, 3.2 and 3.3 backends
* Fixed: XFER now syslogs a warning when it doesn’t recognise the
backend Cyrus version
- update to version 2.5.15
* Fixed CVE-2019-19783: When creating a missing mailbox as part of
a sieve ‘fileinto’ directive, lmtpd would create it as administrator,
bypassing ACL checks. lmtpd creates missing mailboxes as part of
a sieve ‘fileinto’ directive if:
* (2.5+) the anysievefolder option is enabled (default: not), or
* (3.0+) the sieve_extensions option has the ‘mailbox’ extension
enabled (default: enabled) and the ‘fileinto’ directive contains
the ”:create” argument
Under these conditions, a user with the ability to upload a custom
sieve script to their account could use it to create any valid
mailbox on the server (with ACL inherited from the parent mailbox
as usual). lmtpd no longer creates these mailboxes as administrator,
so users may no longer use a ‘fileinto’ directive to create a mailbox
they couldn’t create otherwise.
* Fixed Issue #2913: errors are now logged when maxlogins_per_host,
maxlogins_per_user, and popminpoll limits are reached (thanks Sergey)
- update to version 2.5.14
* Fixed CVE-2019-18928: unauthenticated HTTP requests no longer
inherit authentication from the previous request on the same connection
* Can now build against ClamAV >= 0.101 (thanks Christoph Moench-Tegeder)
* Fixed Issue #2877: quota -f now works correctly with improved_mboxlist_sort: no
* Fixed Issue #2808: UNDUMP no longer crashes when quota needs updating
- update to version 2.5.13
* Fixed CVE-2019-11356: buffer overrun in httpd
* Fixed: ptloader, ptexpire and ptdump now honour the
ptscache_db_path setting
- update to version 2.5.12
* Fixed: cyr_virusscan now integrates with event notifications
properly
* Fixed: mailbox expunge event notifications no longer cause a crash
* Fixed Issue #2378: ACLs containing spaces no longer break mailboxes.db
* Fixed Issue #2253: master now rejects unix domain listen paths
that are too long
* Fixed: smilint warnings for CYRUS-MASTER.mib fixed
(thanks Fabrice Bacchella)
* Fixed Issue #2177: backend connections no longer ignore STARTTLS
failures (thanks Wolfgang Breyha)
* Fixed Issue #2222: dav_reconstruct no longer crashes on expunged
entries
* Fixed Issue #2221: dav_reconstruct no longer crashes given bad
user id (thanks Wolfgang Breyha)
* Fixed: tls_prune memory leak
* Fixed: tls_prune doesn’t fail when tls_sessions.db is missing
* Fixed Issue #2199: recovery from mupdate failure now in correct
order (thanks Michael Menge)
* Fixed: backend connections no longer crash if no banner found
* Fixed: backend connections no longer return success on certain
types of failure
* Fixed Issue #2185: squatter no longer tries to index non-IMAP
mailboxes (thanks Wolfgang Breyha)
* Fixed: special-use proxying in murder (thanks Wolfgang Breyha)
* Fixed Issue #1090: send OK NIL to subsequent ID commands
* Fixed Issue #1434: auth_pts will now error when given a too-long
socket file name
* Fixed Issue #1964: correctly detect when librt is needed
* Fixed Issue #1967: tell EXISTS count earlier when needed
* Fixed: memory leak in httpd DAV support
- update to 2.5.11
* Better integration with updated documentation/website infrastructure
* The “timeout” option is now also used as an upper limit in minutes
for IDLE connections. A new option “imapidletimeout” can be used to
set an idle-specific timeout instead. (Thanks Philipp Gesang.)
* Fixed: invalid free and memory leak in httpd
* Fixed: services no longer exit when client disconnects before accept()
* Fixed Issue #65: no longer use -Wno-sign-compare when unsupported
* Fixed Issue #67: better support for dots in localparts
(thanks Jeroen van Meeuwen)
* Fixed: don’t assume LIST section options when proxying
* Fixed: SEARCH crash on some platforms
* Fixed: ensure directory hierarchy created when renaming empty mailboxes
* Fixed Issue #1742: reconstruct no longer crashes when cache records
are too short
* Fixed Issue #11: LIST RETURN options now work properly with virtdomains
* Fixed Issue #44: http proxy no longer crashes on starttls
(thanks Wolfgang Breyha)
* Fixed Issue #1752: no longer crash on notifyd mailto method
* Fixed Issue #1768: ensure consistency of CalDav ORGANIZER
(thanks Дилян Палаузов)
* Fixed Issue #368: SETACL with invalid rights characters now returns BAD
* Fixed Issue #46: renames to remote destinations now work correctly
* Fixed Issue #38: UTF-8 :subject now supported in sieve vacations
* Fixed Issue #1872: no longer crash on bad SSL session ids
* Fixed Issue #1931: missing mysql/mariadb dependencies now reported
by configure
* Fixed: various memory and resource leaks (thanks Дилян Палаузов)
- update to 2.5.10
* master(8) now supports a “-V” (print version and exit) option
* Fixed Issue #34: imapd in murder no longer crashes on MOVE to
nonexistent folder (thanks Wolfgang Breyha)
* Fixed Issue #15: replication no longer crashes on mailboxes that
are too old to be replicated. Instead, it fails with an error and
logs a warning that they need to be reconstructed
* Fixed Issue #45: extended LIST doesn’t lose options when proxied
to backend
* Fixed task 142: extended LIST response no longer missing
\HasNoChildren flag on last mailbox
* Fixed Issue #49: httpd no longer crashes with assertion failure on
shutdown after CardDAV has been used
* Fixed Issue #31: the ldap_timeout setting is now used correctly
* Fixed bugzilla #3909: idled(8) no longer runs as root
(thanks Carlos Velasco)
* Fixed Issue #5: renaming folder with annotations no longer increases
annotation quota usage
* Fixed: URLFETCH crash when section is NULL
* various build system improvements
- update to 2.5.9
* ipurge(8) now supports a “-n” (dry run) option
(thanks Valentin Vidic)
* Fixed: imapd now proxies LIST (special-use) to backend
(thanks John Capo)
* Fixed: sync_client handles its shutdown file more reliably
(thanks John Capo)
* Fixed: httpd no longer crashes with assertion failure on
shutdown after CalDAV has been used
* Fixed bugzilla #3938: squat search now handles pre-2.5 cyrus.squat data
* Fixed Issue #5: twoskip database I/O performance in unlocked foreach
* various build system improvements
- udpate to 2.5.8
* Allow replicated backends in a discrete Murder to both
actively participate in the Murder.
* When choosing between ANNOTATEMORE and METADATA, favour what the client used.
* cyr_dbtool(8) now supports improved_mboxlist_sort (-M)
* Fixed: master on pselect systems no longer chokes on repeated interrupts
(thanks Jens Erat and team)
* Fixed: better iOS CalDAV support (don’t announce VPOLL)
* Fixed: backported version detection code to detect future versions
* Fixed bug #3927: don’t break cyrus.index on XFER of mailbox with annotations
(thanks Wolfgang Breyha)
* Fixed: replication/XFER of mailbox names containing ‘@’
* Fixed: METADATA and GETMETADATA pattern/list recognition
* Fixed bug #3862: don’t leave behind inconsistent mailboxes when mupdate
fails during mailbox rename
* Fixed compilation with Sun Studio 12 C Compiler (thanks Marty Lee)
* Fixed bug #3765: ctl_cyrusdb(8) now uses database paths from imapd.conf
(thanks Simon Matter)
* Fixed task 227: service processes no longer crash with ‘-T 0’ argument
(thanks Ian Batten and Jens Erat)
* various build system fixes
- update to 2.5.7
* CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch
range checks
* Support for legacy SSLv2 and SSLv3 protocols has been removed
* Support for TLS compression has been removed (thanks Ondřej Surý)
* Fixed bug #3908: crash in ctl_mboxlist -m
* Fixed: setrlimit error on startup
* Fixed task 216: don’t break quotas when transferring mailboxes between
backends
* Fixed: idled shutdown on platforms without pselect (thanks Thomas Jarosch)
* Fixed: autocreate_sieve now uses sievedir setting correctly
* Fixed bug #3907: cyradm --cadir option is now called --capath, and works
(thanks Leena Heino)
* Fixed bug #3905: fix segfault in all daemons when built with -DUSE_SETPROCTITLE
* Fixed: pop3d no longer applies plaintextloginpause to TLS connections
* Fixed bug #3866: lmtpd now consults local mailboxes.db first,
before mupdate master (thanks Michael Menge)
- update to 2.5.6
* tls_required (default: 0). Set this to 1 to require a TLS session for ALL
authentications, not just plain ones (thanks Carlos Velasco)
* new cyradm options
+ –tlskey keyfile: use certificate with keyfile to authenticate with server
+ –notls: disable StartTLS negotiation
+ –cafile cacertfile: Use CA certificate file to validate server certificate
+ –cadir cacertdirectory: Use CA certificate directory to validate server certificate
* Fixed: cyr_synclog checks its arguments more strictly to avoid producing
junk sync loc entries
* Fixed: cyradm metadata implementation cleaned up and output made consistent
(thanks Leena Heino)
* Fixed: timsieved no longer discloses name/version if ServerInfo is Off or Min
(thanks Carlos Velasco)
- update to 2.5.5
* Security fix: compiling with –enable-autocreate no longer allows arbitrary
mailbox creation
* Fixed task 207: don’t segfault on mboxutil -d of MBTYPE_DELETED mailboxes
(thanks Chris Stromsoe)
* Fixed lock management over rename (thanks Thomas Jarosch)
* Miscellaneous other fixes (thanks Thomas Jarosch)
- update to 2.5.4
* Security fix: handle urlfetch range starting outside message range
* Fixed bug: better error messages when reading corrupted twoskip databases
* Fixed bug: treat autocreate_quota_messages:0 as unlimited
* Fixed task 203: make autocreate_quota:0 work as documented
- update to 2.5.3
* Fixed task 183: don’t crash on login when event notifications are enabled
- update to 2.5.2
* Fixed task 179: ptloader should no longer crash in ptsmodule_standard_root_dn
* Improved consistency of event notification parameters
* Fixed bug: no longer run out of memory in mupdate with twoskip (mmap leak)
* Fixed bug: no longer crash on ctl_mboxlist -d for remote mailboxes
* Fixed bug: no longer include RFC 5322 header fields when fetching CALDAV:calendar-data
* Fixed bug: properly handle same XML namespace used with 2 different prefixes in requests
- update to 2.5.1
* Fixed: allow SYNC_CRC to be optional, making upgrades easier in future
* Fixed: XFER deletes source mailbox less aggressively, avoiding data
loss under pathological conditions
* Fixed task 163 : XFER no longer bails out on header CRC mismatch
* Fixed task 117 : now error out silently on non-TLS connections to
services with implicit TLS
* Fixed reconstruct bug: upgrading mailbox format now adds GUIDs to
shared folders (Thanks Norbert Warmuth)
* Fixed task 165 : xfer no longer fails due to bad version comparison
* Fixed xfer bug: version 2.5 is now detected properly
* Fixed task 109 : XLIST behaviour is now compatible with Outlook 2013
(Thanks Leena Heino)
* Fixed task 116 : LIST now correctly handles domains starting with “inbox.”
* Fixed task 120 : admin users can now SETANNOTATION correctly
* Fixed task 118 : imapd no longer crashes when selected mailbox is listed
* Fixed task 156 : LMTP no longer incorrectly rejects messages
delivered using ‘deliver’
* Fixed task 76 : lmtpd no longer crashes when delivering to a shared
mailbox (Thanks Leena Heino)
* Fixed quota bug: no longer crash when setting quotas on shared
folder hierarchies
* Fixed compilation problem on Solaris 10 (Thanks Leena Heino)
* Fixed bug: QuotaChange event notification now always includes
maxMessages parameter
* Fixed bug: event notifications now include paths for shared folders
* Fixed bug: GETMETADATA now handles mailbox patterns correctly
* Various fixes to compiling and tool chains
* changes to cyradm
+ createmailbox command now accepts –specialuse flag if server
supports CREATE-SPECIAL-USE
+ listmailbox command now returns special-use attribute if
server supports SPECIAL-USE
+ listmailbox command now accepts –specialuse flag to list only
mailboxes with special-use attribute
+ cyradm now uses LIST and REMOTE rather than RLIST if server
supports LIST-EXTENDED
+ mboxconfig now accepts –private flag to switch from default
shared to private version of an annotation
+ getmetadata: new command
+ setmetadata: new command
+ Cyrus::IMAP::Admin::getinfo now returns a different data structure
to support the above
+ Cyrus::IMAP::Admin new ACL flag for modifying annotations
- update to version 2.5.0
* Underscores (the _ character) are no longer allowed in the START,
SERVICES and EVENTS sections of cyrus.conf(5), as they interfere with
configuration options in imapd.conf(5) being prefixed by service
names and an underscore (_) character.
* Extended Quota Types: New ways to restrict resource usage:
Number of Folders, Number of Messages, Number of Annotations
* CalDAV and CardDAV Support
* Support for RFC 5464: IMAP METADATA
* Event Notifications
* The database format for mailboxes.db has been upgraded, adding a
new mailbox type for deleted mailboxes. A key-value storage format
is used, allowing for faster and better parsing of mailboxes.db,
more granular updates to runtime environments, and more sustainable
future upgrades.
* New database format twoskip
* Allowing Undefined Annotations
* Catchall Mailbox for LMTP
* Option Name Changes for autocreate: The options related to automatic
creation of user mailboxes and sub-folders (aka. autocreate) have
been changed to hold a prefix of autocreate_.
* The default for the imapd.conf(5) configuration option delete_mode
has changed from immediate to delayed.
* The default for the imapd.conf(5) configuration option expunge_mode
has changed from default to delayed.
* Configuration option names for LDAP SSL/TLS configuration in
imapd.conf(5) have been changed.
* Configuration option names for SSL/TLS configuration in imapd.conf(5)
have been changed to better reflect how they are used, as enhancements
would otherwise create great confusion.
* New Options for tls_*