diff options
Diffstat (limited to 'pigeonhole/NEWS')
-rw-r--r-- | pigeonhole/NEWS | 1841 |
1 files changed, 1841 insertions, 0 deletions
diff --git a/pigeonhole/NEWS b/pigeonhole/NEWS new file mode 100644 index 0000000..8c09177 --- /dev/null +++ b/pigeonhole/NEWS @@ -0,0 +1,1841 @@ +v0.5.21 2023-08-15 Aki Tuomi <aki.tuomi@open-xchange.com> + + - sieve: Using the deleteheader action on a message with a broken/invalid + header can cause the Sieve interpreter to crash with an assert panic. + This can happen e.g. when the message is missing the empty EOH line + between the headers and the body of the message. Fixes: + Panic: file edit-mail.c: line 820 (edit_mail_headers_parse): + assertion failed: (body_offset > 0). + - sieve: Pigeonhole added an extra Message-ID header during mail + forwarding when the existing one was invalid. Now it adds the + Message-ID only if it is entirely missing. Existing Message-ID(s) are + left unchanged. + +v0.5.20 2022-12-12 Aki Tuomi <aki.tuomi@open-xchange.com> + + * No changes - release done to keep version numbers synced. + +v0.5.19 2022-05-10 Aki Tuomi <aki.tuomi@open-xchange.com> + + * No changes - release done to keep version numbers synced. + +v0.5.18 2022-02-03 Aki Tuomi <aki.tuomi@open-xchange.com> + + - duplicate: Users without a home directory can crash with Sieve when + using duplicate database. v2.3.17 regression. + - imapsieve: When mail was expunged when processing imapsieve events, a + crash could occur. Fixes Panic: file mail-index-map.c: + line 558 (mail_index_map_lookup_seq_range): assertion failed: (first_uid > 0) + - managesieve-login: Proxy didn't support forwarding the forward_* passdb fields. + - redirect: Sieve would crash if redirect after keep-equivalent action failed. + - sieve: Interpreter crashes when the Sieve index extension is used with + index zero. + - vnd.dovecot.filter: Envelope sender string may become corrupted when + Sieve scripts are using vnd.dovecot.filter. This could end up + corrupting mbox's From line and return wrong envelope sender string in + Sieve tests. + +v0.5.17.1 2021-12-07 Aki Tuomi <aki.tuomi@open-xchange.com> + + - managesieve: Dovecot failed to start if ssl_ca was too large. + - lib-sieve-tool: Binaries failed to run if ssl_ca was too large. + +v0.5.17 2021-10-28 Aki Tuomi <aki.tuomi@open-xchange.com> + + - duplicate: The Sieve duplicate test is prone to false negatives when + the user receives many e-mails concurrently, meaning that duplicate + deliveries can still occur. + - fileinto: v2.3.16 regression: Sieve delivery crashes if mail is + delivered to non-existing and existing folder. + - imap-filter-sieve: v2.3.15 regression: The CPU limits on Sieve + execution are too easily exceeded in IMAP context (the IMAPSieve and + FILTER=SIEVE capabilities). Changed the default to unlimited CPU time + for IMAP context, since similar excessive resource usage can be caused + by other means as well. The CPU limits on Sieve scripts executed at + LDA/LMTP delivery are still enforced by default. + - redirect: The Sieve redirect action has protections against users + triggering mail loops. Unfortunately, the detection of a redirect mail + loop sometimes causes the message to get lost if no other Sieve action + is applied that delivers the message somewhere else. + - redirect: v2.3.16 regression: With certain Sieve scripts if redirect + fails due to temporary failure, the lmtp process may crash after the + delivery. Fixes: + Panic: file mail-user.c: line 229 (mail_user_deinit): + assertion failed: ((*user)->refcount == 1). + +v0.5.16 2021-08-06 Timo Sirainen <timo.sirainen@open-xchange.com> + + * .dovecot.sieve.log file now includes year in the header. + * Change Sieve script result execution to delay definitive action + execution to the end of a successful Sieve script execution session. + This is part of an effort to solve problems with the Sieve duplicate + test. As a side-effect, some rare temporary-error cases yield + different results, in which partial failure is more likely. + +v0.5.15 2021-06-21 Aki Tuomi <aki.tuomi@open-xchange.com> + + * CVE-2020-28200: Sieve interpreter is not protected against abusive + scripts that claim excessive resource usage. Fixed by limiting the + user CPU time per single script execution and cumulatively over + several script runs within a configurable timeout period. Sufficiently + large CPU time usage is summed in the Sieve script binary and execution + is blocked when the sum exceeds the limit within that time. The block + is lifted when the script is updated after the resource usage times out. + * Disconnection log messages are now more standardized across services. + They also always now start with "Disconnected" prefix. + - managesieve: Commands pipelined together with and just after the + authenticate command cause these commands to be executed twice. + +v0.5.14 2021-03-04 Aki Tuomi <aki.tuomi@open-xchange.com> + + * IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as + script name argument. + +v0.5.13 2021-01-04 Aki Tuomi <aki.tuomi@open-xchange.com> + + - duplicate: The test was handled badly in a multiscript (sieve_before, + sieve_after) scenario in which an earlier script in the sequence with + a duplicate test succeeded, while a later script caused a runtime + failure. In that case, the message is recorded for duplicate tracking, + while the message may not actually have been delivered in the end. + - editheader: Sieve interpreter entered infinite loop at startup when + the "editheader" configuration listed an invalid header name. This + problem can only be triggered by the administrator. + - relational: The Sieve relational extension can cause a segfault at + compile time. This is triggered by invalid script syntax. The segfault + happens when this match type is the last argument of the test command. + This situation is not possible in a valid script; positional arguments + are normally present after that, which would prevent the segfault. + - sieve: For some Sieve commands the provided mailbox name is not + properly checked for UTF-8 validity, which can cause assert crashes at + runtime when an invalid mailbox name is encountered. This can be + caused by the user by writing a bad Sieve script involving the + affected commands ("mailboxexists", "specialuse_exists"). + This can be triggered by the remote sender only when the user has + written a Sieve script that passes message content to one of the + affected commands. + - sieve: Large sequences of 8-bit octets passed to certain Sieve + commands that create or modify message headers that allow UTF-8 text + (vacation, notify and addheader) can cause the delivery or IMAP + process (when IMAPSieve is used) to enter a memory-consuming + semi-infinite loop that ends when the process exceeds its memory + limits. Logged in users can cause these hangs only for their own + processes. + +v0.5.11 2020-08-12 Aki Tuomi <aki.tuomi@open-xchange.com> + + * managesieve: managesieve_max_line_length setting is now a "size" type + instead of just number of bytes. This allows using e.g. "64k" as the + value. + - lib-sieve: When folding white space is used in the Message-ID header, + it is not stripped away correctly before the message ID value is used, + causing e.g. garbled log lines at delivery. + +v0.5.10 2020-03-06 Aki Tuomi <aki.tuomi@open-xchange.com> + + * imap_sieve_filter: Change result action logging to include IMAP UID + - vacation: Addresses were compared case-sensitively. + +v0.5.9 2019-12-04 Aki Tuomi <aki.tuomi@open-xchange.com> + + + Added events for Sieve and ManageSieve, see + https://doc.dovecot.org/admin_manual/list_of_events/#pigeonhole + + Pigeonhole: Implement the Sieve "special-use" extension described in + RFC 8579. + - duplicate: Test only compared the handles which would cause + different values to be cached as the same duplicate test. Fix to also + compare the actual hashes. + - imap_sieve_filter: IMAP FILTER Command had various bugs in error + handling. Errors may have been duplicated for each email, errors + may have been missing entirely, command tag and ERRORS/WARNINGS + parameters were swapped. + +v0.5.8 2019-10-08 Aki Tuomi <aki.tuomi@open-xchange.com> + + - Sieve may leak resources in rare cases when a redirect, vacation or + report action fails to send the message. This mainly applies when + Sieve is executed in IMAP context; i.e., for the IMAPSIEVE or + FILTER=SIEVE capabilities. + +v0.5.7.1 2019-07-23 Timo Sirainen <timo.sirainen@open-xchange.com> + + - dsync: Sieve script syncing failed if mailbox attributes weren't + enabled. + +v0.5.7 2019-07-12 Aki Tuomi <aki.tuomi@open-xchange.com> + + + vacation: Made the subject for the automatic response message produced + by the Sieve vacation action configurable. Both the default subject + (if the script defines none) and the subject template (e.g. used to + add a subject prefix) can be configured. + - dsync: dsync-replication does not synchronize Sieve scripts. + - imap_sieve_filter: Reduce FILTER=SIEVE verbosity over IMAP connection. + - testsuite: Pigeonhole testsuite segfaulted if it was compiled with + GCC 9 + +v0.5.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com> + + + sieve: Redirect loop prevention is sometimes ineffective. Improve + existing loop detection by also recognizing the + X-Sieve-Redirected-From header in incoming messages and dropping + redirect actions when it points to the sending account. This header + is already added by the redirect action, so this improvement only + adds an additional use of this header. + - sieve: Prevent execution of implicit keep upon temporary failure + occurring at runtime. + +v0.5.5 2019-03-05 Stephan Bosch <stephan@rename-it.nl> + + + IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which + causes messages discarded by an IMAPSieve script to be expunged + immediately, rather than only being marked as "\Deleted" (which is + still the default behavior). + - IMAPSieve: Fix panic crash occurring when a COPY command copies + messages from a virtual mailbox where the source messages originate + from more than a single real mailbox. + - imap4flags extension: Fix deleting all keywords. When the action + resulted in all keywords being removed, no changes were actually + applied. + - variables extension: Fix truncation of UTF-8 variable content. The + maximum size of Sieve variables was enforced by truncating the + variable string content bluntly at the limit, but this does not + consider UTF-8 code point boundaries. This resulted in broken UTF-8 + strings. This problem also surfaced for variable modifiers, such as + the ":encodeurl" modifier provided by the Sieve "enotify" extension. + In that case, the resulting URI escaping could also be truncated + inappropriately. + - IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message. Sieve + scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that + modify the message, stored the message a second time, rather than + replacing the originally stored unmodified message. + - Fix segmentation fault occurring when both the sieve_extprograms + plugin (for the Sieve interpreter) and the imap_filter_sieve plugin + (for IMAP) are loaded at the same time. A symbol was defined by both + plugins, causing a clash when both were loaded. + +v0.5.4 2018-11-23 Stephan Bosch <stephan@rename-it.nl> + + * Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole + release dependent on that Dovecot release; it will not compile against + older Dovecot versions. And, conversely, you need to upgrade + Pigeonhole when upgrading Dovecot to v2.3.4. + * The changes regarding the default postmaster_address in Dovecot v2.3.4 + mainly apply to Pigeonhole. The new default should work for all + existing installations, thereby fixing several reported v2.3/v0.5 + migration problems. + - IMAP FILTER=SIEVE capability: Fix assert crash occurring when running + UID FILTER on a Sieve script with errors. + +v0.5.3 2018-10-01 Stephan Bosch <stephan@rename-it.nl> + + - Fix assertion panic occurring when managesieve service fails to open + INBOX while saving a Sieve script. This was caused by a lack of + cleanup after failure. + - Fix specific messages causing an assert panic with actions that + compose a reply (e.g. vacation). With some rather weird input from the + original message, the header folding algorithm (as used for composing + the References header for the reply) got confused, causing the panic. + - IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing. + After finishing reading the Sieve script, the command parsing + sometimes didn't continue with the search arguments. This is a time- + critical bug that likely only occurs when the Sieve script is sent in + the next TCP frame. + +v0.5.2 2018-06-29 Stephan Bosch <stephan@rename-it.nl> + + + Implement plugin for the a vendor-defined IMAP capability called + "FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering + in IMAP. More information can be found in + doc/plugins/imap_filter_sieve.txt. + - The Sieve addess test caused an assertion panic for invalid addresses + with UTF-8 codepoints in the localpart. Fixed by properly detecting + invalid addresses with UTF-8 codepoints in the localpart and skipping + these like other invalid addresses while iterating addresses for the + address test. + - Make the length of the subject header for the vacation response + configurable and enforce the limit in UTF-8 codepoints rather than + bytes. The subject header for a vacation response was statically + truncated to 256 bytes, which is too limited for multi-byte UTF-8 + characters. + - Sieve editheader extension: Fix assertion panic occurring when it is + used to manipulate a message header with a very large header field. + - Properly abort execution of the sieve_discard script upon error. + Before, the LDA Sieve plugin attempted to execute the sieve_discard + script when an error occurs. This can lead to the message being lost. + - Fix the interaction between quota and the sieve_discard script. When + quota was used together with a sieve_discard script, the message + delivery did not bounce when the quota was exceeded. + +v0.5.1 28-03-2018 Stephan Bosch <stephan@rename-it.nl> + + - Explicitly disallow UTF-8 in localpart in addresses parsed from Sieve + script. + - editheader extension: Corrected the stream position calculations + performed while making the modified message available as a stream. + Pigeonhole Sieve crashed in LMTP with an assertion panic when the + Sieve editheader extension was used before the message was redirected. + Experiments indicate that the problem occurred only with LMTP and that + LDA is not affected. + - fileinto extension: Fix assert panic occurring when fileinto is used + without being listed in the require line, while the copy extension is + listed there. This is a very old bug. + - imapsieve plugin: Do not assert crash or log an error for messages + that disappear concurrently while applying Sieve scripts. This event + is now logged as a debug message. + - Sieve extprograms plugin: Large output from "execute" command crashed + delivery. Fixed buffering issue in code that handles output from the + external program. + +v0.5.0.1 05-01-2018 Stephan Bosch <stephan@rename-it.nl> + + - imap4flags extension: Fix binary corruption occurring when + setflag/addflag/removeflag flag-list is a variable. + - sieve-extprograms plugin: Fix segfault occurring when used in + IMAPSieve context. + +v0.5.0 24-12-2017 Stephan Bosch <stephan@rename-it.nl> + + * editheader extension: The implementation of header modifications is + heavily updated. Although the functionality has not changed, the + underlying code was updated to address several static analysis + warnings, runtime integer arithmetic warnings (Clang), and to match + updates in the Dovecot stream API. + + variables extension: Made the maximum scope and variable size + configurable. + + subaddress: Support multiple recipient_delimiters. + - enotify extension: mailto method: Fixed parsing of mailto URI with + only a header part. + - enotify plugin: mailto method: Make sure the "From:" header is set to + a usable address and not "(null)". + - Fixed writing address headers to outgoing messages. Sometimes headers + were MIME-encoded twice, yielding invalid results. + +v0.4.23 20-03-2018 Stephan Bosch <stephan@rename-it.nl> + + - editheader extension: Corrected the stream position calculations + performed while making the modified message available as a stream. + Pigeonhole Sieve crashed in LMTP with an assertion panic when the + Sieve editheader extension was used before the message was redirected. + Experiments indicate that the problem occurred only with LMTP and that + LDA is not affected. + - fileinto extension: Fix assert panic occurring when fileinto is used + without being listed in the require line, while the copy extension is + listed there. This is a very old bug. + - imapsieve plugin: Do not log an error for messages that disappear + concurrently while applying Sieve scripts. This is a further + improvement on the imapsieve fix in the previous release (which fixed + a panic). This event is now logged as a debug message. + +v0.4.22 01-03-2018 Stephan Bosch <stephan@rename-it.nl> + + - Fixed filesystem path handling problem: sieve plugin could have + assert-crashed with specific path lengths with: "Panic: file + realpath.c: line 86 (path_normalize): assertion failed: (npath_pos + + 1 < npath + asize)". + - Sieve extprograms plugin: Large output from "execute" command crashed + delivery. Fixed buffering issue in code that handles output from the + external program. + - editheader extension: Extensively reworked the low-level + implementation of adding and removing headers. This solves a few + integer arithmetic problems reported by Clang runtime checks, but also + improves code structure and reliability in general. + - imapsieve: Fix assert crash occurring when selected messages are + expunged concurrently by the time Sieve filter is to be applied. + - imap4flags extension: Fix binary byte-code corruption occurring when + the setflag, addflag, or removeflag command's flag-list is a variable. + - enotify extension: mailto method: Fixed parsing of mailto URI with + only a header part. + - enotify extension: mailto method: Make sure "From:" header is set to a + usable address and not "(null)". + - Fixed writing address headers to outgoing messages. It sometimes + erroneously applied another layer of MIME header encoding. + +v0.4.21 12-10-2017 Stephan Bosch <stephan@rename-it.nl> + + * redirect action: Always set the X-Sieve-Redirected-From header to + sieve_user_email if configured. Before, it would use the envelope recipient + instead if available, which makes no sense if the primary e-mail address is + available. + + vacation extension: Allow ignoring the envelope sender while composing the + "To:" header for the reply. Normally, the "To:" header is composed from + the address found in the "Sender", "Resent-From" or "From" headers that is + equal to the envelope sender. If none is then found, the bare envelope + sender is used. This change adds a new setting + "sieve_vacation_to_header_ignore_envelope". With this setting enabled, the + "To:" header is always composed from those headers in the source message. + The new setting thus allows ignoring the envelope, which is useful e.g. + when SRS is used. + + vacation extension: Compose the "To:" header from the full sender address + found in the first "Sender:", "From:" or "Resent-From:" header. Before, it + would create a "To:" header without a phrase part. The new behavior is + nicer, since the reply will be addressed to the sender by name if possible. + - LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A + missing LDAP-based script could cause the script sequence to exit earlier. + - sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name + conversion. This caused problems with mailbox names containing UTF-8 + characters. The Dovecot API was changed years ago, but apparently + sieve-filter was never updated. + +v0.4.20 27-08-2017 Stephan Bosch <stephan@rename-it.nl> + + + Made the retention period for redirect duplicate identifiers configurable. + For accounts that perform many redirects, the lda-dupes database could grow + to impractical sizes. Changed the default retention period from 24 to 12 + hours. + - sieve-filter: Fixed memory leak: forgot to clean up script binary at end of + execution. Normally, this would merely be an inconsequential memory leak. + However, when the script comes from an LDAP storage, this would cause io + leak warnings. + - managesieve-login: Fixed handling of AUTHENTICATE command. A second + authenticate command would be parsed wrong. This problem was caused by + changes in the previous release. + - LDA Sieve plugin: Fixed minor memory leak caused by not cleaning up the + sieve_discard script. + +v0.4.19 26-06-2017 Stephan Bosch <stephan@rename-it.nl> + + * This release adjusts Pigeonhole to several changes in the Dovecot API, + making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole will + produce compile warnings with the recent Dovecot releases (but still work + ok). + - Fixed bug in handling of implicit keep in some cases. Implicit side-effects, + such as assigned flags, were not always applied correctly. This is in + essence a very old bug, but it was exposed by recent changes. + - include extension: Fixed segfault that (sometimes) occurred when the global + script location was left unconfigured. + +v0.4.18 12-04-2017 Stephan Bosch <stephan@rename-it.nl> + + + imapsieve plugin: Implemented the copy_source_after rule action. When this + is enabled for a mailbox rule, the specified Sieve script is executed for + the message in the source mailbox during a "COPY" event. This happens only + after the Sieve script that is executed for the corresponding message in the + destination mailbox finishes running successfully. + + imapsieve plugin: Added non-standard Sieve environment items for the source + and destination mailbox. + - multiscript: The execution of the discard script had an implicit "keep", + rather than an implicit "discard". + +v0.4.17 26-02-2017 Stephan Bosch <stephan@rename-it.nl> + + - LDA Sieve plugin: Fixed handling of an early explicit keep during + multiscript execution. Action side-effects and the message snapshot would be + lost at the final stage where the implicit keep is evaluated. This could + result in the IMAP flags assigned to the message to be forgotten or that + headers modified by the "editheader" extension would revert to their + original state. + - file script storage: Amended the up-to-date time stamp comparison for + on-disk binaries to include nanoseconds. This will fix problems occurring + when both binary and script are saved within the same second. This fix is + ineffective on older systems that have no support for nanoseconds in stat() + timestamps, which should be pretty rare nowadays. + - file script storage: Improve saving and listing permission error to include + more details. + - imapsieve plugin: Make sure "INBOX" is upper case in static mailbox rules. + Otherwise, the mailbox name would never match, since matching is performed + case-sensitively and Dovecot only returns the upper-cased "INBOX". + - imapsieve plugin: Fixed assert failure occurring when used with virtual + mailboxes. + - doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's + string value. + +v0.4.16 30-10-2016 Stephan Bosch <stephan@rename-it.nl> + + * Part of the Sieve extprograms implementation was moved to Dovecot, which + means that this release depends on Dovecot v2.2.26+. + * ManageSieve: The PUTSCRIPT command now allows uploading empty Sieve scripts. + There was really no good reason to disallow doing that. + + Sieve vnd.dovecot.report extension: + + Added a Dovecot-Reporting-User field to the report body, which contains + the e-mail address of the user sending the report. + + Added support for configuring the "From:" address used in the report. + + LDA sieve plugin: Implemented support for a "discard script" that is run + when the message is going to be discarded. This allows doing something other + than throwing the message away for good. + + Sieve vnd.dovecot.environment extension: Added vnd.dovecot.config.* + environment items. These environment items map to sieve_env_* settings from + the plugin {} section in the configuration. Such values can of course also + be returned from userdb. + + Sieve vacation extension: Use the Microsoft X-Auto-Response-Suppress header + to prevent unwanted responses from and to (older) Microsoft products. + + ManageSieve: Added rawlog_dir setting to store ManageSieve traffic logs. + This replaces at least partially the rawlog plugin (mimics similar IMAP/POP3 + change). + - doveadm sieve plugin: synchronization: Prevent setting file timestamps to + unix epoch time. This occurred when Dovecot passed the timestamp as + 'unknown' during synchronization. + - Sieve exprograms plugin: Fixed spurious '+' sometimes returned at the end + of socket-based program output. + - imapsieve plugin: Fixed crash occurring in specific situations. + - Performed various fixes based on static analysis and Clang warnings. + +v0.4.15 07-07-2016 Stephan Bosch <stephan@rename-it.nl> + + * vacation extension: The sieve_user_email setting is now used in the check + for implicit delivery. + - imapsieve plugin: For any mail transaction, the mailbox was opened a second + time, even if no mailbox rule matched. This was unintentional, useless and + caused problems when the imapsieve plugin was used with other plugins like + acl. + - extprograms plugin: Significantly improved error handling. No stream errors + were logged. + - extprograms plugin: Fixed bug in handling of result code from remote program + (script service). + - extprograms plugin: Connection to remote program service was not retried. + - Several small fixes based on static analysis. + - Fixed handling of quoted string localparts in email addresses. + +v0.4.14 26-04-2016 Stephan Bosch <stephan@rename-it.nl> + + * The address test now allows specifying the X-Original-To header. + + Implemented the Sieve imapsieve extension and its IMAP counterpart + (RFC 6785) as a set of plugins. This allows running Sieve scripts at IMAP + activity, rather than at delivery. There are also facilities for the + familiar sieve_before/sieve_after administrator scripts. A user script is + defined for a mailbox using an IMAP METADATA entry, whereas administrator + scripts are configured using mailbox matching rules defined in the plugin + settings. + + Adjusted the Sieve ihave extension to allow capability tests to be performed + at runtime. This way, scripts can be written that work both at delivery and + from IMAP. + + Implemented support for runtime trace debugging. This means that detailed + information about which commands, actions and tests are performed is written + to a file. That file is created in the configured directory, but only if + that directory exists. This way, a particular user can be easily singled out + for debugging. This works much like the Dovecot rawlog facility. The trace + output is identical to what is produced using sieve-test with its "-t" + command line option. + + Added a "sieve_user_email" setting that configures the user's primary email + address. This is mainly useful to have a user email address available in + IMAP, where envelope data is unavailable. + + Implemented the dovecot-specific "vnd.dovecot.report" extension. This allows + sending report messages in the Message Abuse Reporting Format (RFC 5965). + - extprograms plugin: Fixed epoll() panic caused by closing the output FD + before the output stream. + - Made sure that the local part of a mail address is encoded properly using + quoted string syntax when it is not a dot-atom. + +v0.4.13 18-03-2016 Stephan Bosch <stephan@rename-it.nl> + + * redirect action: Added the list-id header to the duplicate ID for mail loop + prevention. This means that the message sent directly to the user and the + message coming through the mailing list itself are treated as different + messages by the loop detection of the redirect command, even though their + Message-ID may be identical. + * Changed the Sieve number type to uint64_t, which means that Sieve numbers + can now technically range up to 2^64. Some other Sieve implementation + allowed this, making this change necessary for successful migration. + + Implemented the sieve_implicit_extensions setting. The extensions listed in + this setting do not need to be enabled explicitly using the Sieve "require" + command. This behavior directly violates the standard, but can be necessary + for compatibility with some existing implementations of Sieve. Do not use + this setting unless you really need to! + - redirect action: Made mail loop detection more robust by forcibly adding a + Message-ID header if it is missing. + - Prevent logging a useless "script not found" error message for LDAP scripts + for which the entry exists but no attribute containing a script. This is not + necessarily an error. + - extprograms plugin: Changed the communication channel between parent and + child process for a directly forked program from a socketpair to a double + pipe. Linux does not support /dev/stdin, /dev/stdout and friends for + sockets. For some shell program authors this may be confusing, so that is + why it is changed. When using the script service, these device nodes are + still not usable though. + +v0.4.12 06-02-2016 Stephan Bosch <stephan@rename-it.nl> + + + Implemented the Sieve extracttext extension (RFC 5703; Section 7). It is now + possible to extract body text from a message into a variable. + * Increased ABI version due to changes in the Sieve interpreter's object + definitions. + - multiscript: Fixed bug in handling of (implicit) keep; final keep action was + always executed as though there was a failure. This caused the keep action + to revert back to the initial message, causing editheader actions to be + ignored. + - managesieve-login: Fixed proxy to allow SASL mechanisms other than PLAIN. + Before, the proxy would fail if the server did not support the PLAIN + mechanism. + - ldap storage: Prevent segfault occurring when assigning certain (global) + configuration options. + +v0.4.11 08-01-2016 Stephan Bosch <stephan@rename-it.nl> + + - Sieve mime extension: Fixed the header :mime :anychild test to work properly + outside a foreverypart loop. + - Several fixes in message body part handling: + - Fixed assert failure occurring when text extraction is attempted on a + empty or broken text part. + - Fixed assert failure in handling of body parts that are converted to text. + - Fixed header unfolding for (mime) headers parsed from any mime part. + - Fixed trimming for (mime) headers parsed from any mime part. + - Fixed erroneous changes to the message part tree structure performed when + re-parsing the message. + - LDA Sieve plugin: Fixed logging of actions; sometimes the configured log + format was not followed. + - LDA Sieve plugin: Fixed bug in error handling of script storage + initialization. + - Sieve Extprograms plugin: Ignored ENOTCONN error in shutdown(fd, SHUT_WR) + call. + - Fixed duplication of discard actions in the script result. Each discard was + counted as a separate action, which means that action limit would be crossed + too early. + - Made sure that quota errors never get logged as errors in syslog. + - Fixed handling of implicit keep for a partially executed transaction that + yielded a temporary failure. + - Fixed handling of global errors. If master and user error handler were + identical, in some cases the log message could be lost. + - Fixed AIX compile issue in message body parser. + +v0.4.10 13-12-2015 Stephan Bosch <stephan@rename-it.nl> + + + Implemented the Sieve mime and foreverypart extensions (RFC 5703). These + are fully implemented. The interaction with the editheader extension needs + some work, but this should not influence most uses; i.e., changes by the + editheader extension are not always visible using foreverypart/mime. + + Sieve body extension: Properly implemented the `:text' body transform. It + now extracts text for HTML message parts. + + Sieve enotify extension: mailto method: Implemented the + sieve_notify_mailto_envelope_from setting. This allows configuring the + source of the notification sender address for e-mail notifications. This is + similar to what already can be configured for redirect. + + Added a sieve_enabled (defaults to 'yes') setting that allows explicitly + disabling Sieve processing for particular users. This used to be possible by + setting `sieve=', but ever since the sieve_before, sieve_after and + sieve_default settings were added, this method was not reliable anymore. + - variables extension: Fixed handling of empty string by the `:length' set + modifier. An empty string yielded an empty string rather than "0". + - Fixed memory leak in the Sieve script byte code dumping facility. Extension + contexts were never actually freed. + - Fixed handling of implicit keep when the last Sieve script is a global one. + In that case the implicit keep action was executed in global context, which + could mean that trivial (quota) errors ended up in the system log file, + rather than the user log file. + - doveadm sieve plugin: Fixed crashes caused by incorrect context allocation + in the sieve command implementations. + +v0.4.9 04-10-2015 Stephan Bosch <stephan@rename-it.nl> + + * Properly implemented checking of ABI version for Sieve interpreter plugins, + much like Dovecot itself does for plugins. This will prevent plugin ABI + mismatches. + + Implemented a vnd.dovecot.environment extension. This builds upon the + standard environment extension and adds a few more environment items, such + as username and default mailbox. It also creates a variables namespace so + that environment items can be accessed directly. I am still thinking about + more environment items that can be added. + + Sieve extprograms plugin: Made line endings of the input passed to the + external programs configurable. This can be configured separately for each + of the three extensions. + + ManageSieve: Implemented proxy XCLIENT support. This allows the proxy to + pass client information to the back-end. + - ManageSieve: Fixed an assert failure occurring when a client disconnects + during the GETSCRIPT command. + - doveadm sieve plugin: Fixed incorrect initialization of mail user. This + caused a few memory leaks. + - sieve-filter command line tool: Fixed handling of failure-related implicit + keep when there is an explicit default destination folder. This caused + message duplication. + - lib-sieve: Fixed bug in RFC5322 header folding. Words longer than the + optimal line length caused empty lines in the output, which would break the + resulting message header. This surfaced in References: headers with very + long message IDs. + +v0.4.8 15-05-2015 Stephan Bosch <stephan@rename-it.nl> + + * LDA Sieve plugin: Dovecot changed the deliver_log_format setting to include + %{delivery_time}. This prompted changes in Pigeonhole that make this release + dependent on Dovecot v2.2.17. + + Implemented magic to make sieve_default script visible from ManageSieve + under a configurable name. This way, users can see the default rules, edit + them and store a private adjusted version. This could also be achieved by + copying the default script into the user's script storage, but updates to + the global sieve_default script would be ignored that way. + + ManageSieve: Implemented support for reporting command statistics at + disconnect. Statistics include the number of bytes and scripts uploaded/ + downloaded/checked and the number of scripts deleted/renamed. + - Fixed problem in address test: erroneously decoded mime-encoded words in + address headers. + - extprograms plugin: Fixed failure occurring when connecting to script + service without the need to read back the output from the external program. + - Fixed bug in script storage path normalization occurring with relative + symbolic links below root. + - Fixed and updated various parts of the documentation + - ManageSieve: Used "managesieve" rather than "sieve" as login service name, + which means that all managesieve-specific settings where ignored. + - Managesieve: Storage quota was not always enforced properly for scripts + uploaded as quoted string. Nobody uses that, but it is allowed in the + specification and we support it, so it should work properly. + +v0.4.7 19-03-2015 Stephan Bosch <stephan@rename-it.nl> + + * editheader extension: Made protection against addition and deletion of + headers configurable separately. Also, the `Received' and `Auto-Submitted' + headers are no longer protected against addition by default. + * Turned message envelope address parse errors into warnings. + * The interpreter now accepts non-standard domain names, e.g. containing '_'. + + Implemented the Sieve index extension (RFC 5260). + + Implemented support for the mboxmetadata and servermetadata extensions + (RFC 5490). + + Implemented new sieve commands for the doveadm command line utility. These + commands are currently limited to ManageSieve operations, but the other + current sieve tools will be migrated to doveadm in the near future as well. + + Added more debug output about binary up-to-date checking. + + Added script metadata to binary dump output. + - Fixed Sieve script binary up-to-date checking by normalizing the script + location. + - The Sieve interpreter now flushes the duplicate database during start phase + of result execution rather than commit phase. This makes sure locks on the + duplicate database are released as soon as possible, preventing contention. + - Performed a few optimizations in the lexical scanner of the language. + - Fixed bug in `:matches' match-type that made a pattern without + wildcards match as if there were a '*' at the beginning. + - Fixed crash in validation of the string parameter of the comparator tag. + - extprograms extension: Made sure supplemental group privileges are also + dropped. This was a problem reported by Debian lintian. + - Fixed bug in handling of binary errors for action side-effects and message + overrides. + - file script storage: Restructured storage initialization to address + backwards compatibility issues. + - dict script storage: Fixed small memory allocation bug. + +v0.4.6 02-11-2014 Stephan Bosch <stephan@rename-it.nl> + + - After make distclean the distributed tarball would fail to recompile. + This causes problems for some distribution builds. + +v0.4.5 30-10-2014 Stephan Bosch <stephan@rename-it.nl> + + + Added a Pigeonhole version banner to doveconf output. This way, future + bug reports will also include Pigeonhole version information. + - Fixed handling of implicit keep. Last version erroneously reported that + implicit keep succeeded after an earlier failure, while it in fact had + failed. Particularly occurred for mailbox quota errors. + - Fixed segfault occurring on SunOS systems when there is no active script. + +v0.4.4 28-10-2014 Stephan Bosch <stephan@rename-it.nl> + + * Added support for Japanese mail addresses with dots at non-standard places + in localpart. + * Changed handling of ENOSPACE into a normal temporary failure and added + handling of ENOQUOTA as a user error. + * Restructured result execution, so that all actions which involve mail + storage are always committed before all others. + + Implemented support for generic Sieve storages. Using alternative storages + now also possible for sieve_before/sieve_after. + + Implemented storage driver for retrieving Sieve scripts from LDAP. This + currently cannot be used with ManageSieve. + + Implemented sieve_redirect_envelope_from setting, which allows configuring + the envelope sender of redirected messages. + - Fixed handling of mail storage errors occurring while evaluating the input + message. + - managesieve-login: + - Removed bogus ALERT response code returned for AUTHENTICATE command. + - Fixed handling of invalid initial response argument to AUTHENTICATE + command. + - Fixed handling of stream errors in lexical scanner. + - Fixed handling of SMTP errors. Permanent and temporary errors were mixed up. + - Fixed several problems reported by CLang 3.4. + - duplicate extension: Fixed erroneous compile error about conflicting tags + when `:handle' argument was used last. + - relational extension: Fixed error handling of `:value' match. + - editheader extension: Fixed header unfolding and header iteration. + - mailbox extension: Fixed the `:create' tag, which erroneously subscribed an + existing folder. + - extprograms plugin: Fixed handling of error codes. + - doveadm-sieve plugin: Fixed several bugs. Synchronization of symbolic link + in the file storage should now also work properly. + +v0.4.3 12-05-2014 Stephan Bosch <stephan@rename-it.nl> + + * Editheader extension: Made control characters allowed for editheader, except + NUL. Before, this would cause a runtime error. + + Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to match + the new draft "duplicate" extension. + - Fixed sieve_result_global_log_error to log only as i_info in administrator + log (syslog) if executed from multiscript context. + - Sieve redirect extension: Adjusted loop detection to show leniency to resent + messages. + - Sieve include extension: Fixed problem with handling of duplicate includes + with different parameters :once or :optional. + - Sieve spamtest/virustest extensions: Tests were erroneously performed + against the original message. When used together with extprograms filter to + add the spam headers, the changes were not being used by the spamtest and + virustest extensions. + - Deprecated Sieve notify extension: Fixed segfault problems in message string + substitution. + - ManageSieve: Fixed active link verification to handle redundant path slashes + correctly. + - Sieve vacation extension: + - Fixed interaction of sieve_vacation_dont_check_recipient with + sieve_vacation_send_from_recipient setting. + - Fixed log message for discarded response. + - Sieve extprograms plugin: + - Forgot to disable the alarm() timeouts set for script execution. + - Fixed fd leak and handling of output shutdown. + - Fixed 'Bad filedescriptor' error occurring when disconnecting script + client. + - Made sure that programs are never forked with root privileges. + +v0.4.2 26-09-2013 Stephan Bosch <stephan@rename-it.nl> + + * Incompatible change in Sieve doveadm plugin: the root attribute for + Sieve scripts is changed. Make sure that you update both sides of a dsync + setup simultaneously when Sieve is involved, otherwise synchronization will + likely fail. + + Added support for sending Sieve vacation replies with an actual sender, + rather than the default <> sender. Check the updated + doc/extensions/vacation.txt for more information. + - Fixed a binary code read problem in the `set' command of the Sieve variables + extension. Using the set command with a modifier and an empty string value + would cause code corruption problems while running the script. + - Various fixes for doveadm-sieve plugin, mostly crashes. These include a fix + for the `Invalid value for default sieve attribute' problem. + - Various fixes for compiler and static analyzer warnings, e.g. as reported + by CLang and on 32 bit systems. + - Fixed the implementation of the new :options flag for the Sieve include + extension. + - Fixed potential segfault bug at deinitialization of the lda-sieve plugin. + - Fixed messed up hex output for sieve-dump tool. + +v0.4.1 03-06-2013 Stephan Bosch <stephan@rename-it.nl> + + + Added support for handling temporary failures. These are passed back to + LDA/LTMP to produce an appropriate response towards the MTA. + - Sieve storage: Removed PATH_MAX limitation for active symlink. This caused + problems for GNU/Hurd. + - Fixed line endings in X-Sieve headers added by redirect command. + - ManageSieve: Fixed '[' ']' stupidity for response codes (only happened + before login). + - Fixed setting name in example-config/conf.d/20-managesieve.conf. + - Sieve extprograms plugin: Fixed interaction between pipe command and remote + script service. The output from the script service was never read, causing a + broken pipe error at the script service. Apparently, this was broken since + the I/O handling for extprograms was last revised. + - Fixed assertion failure due to datastack problem in message header + composition. + +v0.4.0 09-05-2013 Stephan Bosch <stephan@rename-it.nl> + + + Added doveadm-sieve plugin that provides the possibility to synch Sieve + scripts using doveadm sync along with the user's mailboxes. + + Added the Sieve extprograms plugin to the main Pigeonhole package. It is + still a plugin, but it is now included so that a separate compile is no + longer necessary and distributors are likely to include it. The extprograms + plugin provides Sieve language extensions that allows executing + (administrator-controlled) external programs for message delivery, + message filtering and string manipulation. Refer to + doc/plugins/sieve_extprograms.txt for more information. + + Added debug message showing Pigeonhole version at initialization. Makes it + very clear that the plugin is properly loaded. + + Finished implementation of the Sieve include extension. It should now + fully conform to RFC 6609. The main addition is the new :optional tag which + makes the include command ignore missing included scripts without an error. + + Finished implementation of the Sieve environment extension as much as + possible. Environment items "location", "phase" and "domain" now also + return a usable value. + +v0.3.6 26-09-2013 Stephan Bosch <stephan@rename-it.nl> + + - Fixed a binary code read problem in the `set' command of the Sieve variables + extension. Using the set command with a modifier and an empty string value + would cause code corruption problems while running the script. + - Various fixes for compiler and static analyzer warnings, as reported + by CLang. + - ManageSieve: Fixed '[' ']' stupidity for response codes (only happened + before login). + - Fixed setting name in example-config/conf.d/20-managesieve.conf. + - Fixed messed up hex output for sieve-dump tool. + +v0.3.5 09-05-2013 Stephan Bosch <stephan@rename-it.nl> + + - Sieve editheader extension: fixed interaction with the Sieve body extension. + If used together, the deleteheader action could fail after a body test was + performed. + - Test suite: fixed a time zone dependency in the Sieve date extension tests. + +v0.3.4 06-04-2013 Stephan Bosch <stephan@rename-it.nl> + + * Changed error handling to be less of a nuisance for administrators. Strictly + user-caused errors are only reported in user log. Some errors are logged as + info instead. + * Sieve: Changed behavior of redirect in case of a duplicate message delivery + or a mail loop. If a duplicate is detected the implicit keep is canceled, + as though the redirect was successful. This prevents getting local + deliveries. The original SMTP recipient is used when it is available to + augment the entry in the LDA duplicate database. This way, duplicates are + only detected when (initially) addressed to the same recipient. + + Sieve vnd.dovecot.duplicate extension: added new features to the duplicate + test, making it possible to manually compose the key value for duplicate + checking. This extension is in the process of being standardized + (https://tools.ietf.org/html/draft-bosch-sieve-duplicate-01). + + Sieve date extension: generate warning when invalid date part is specified. + - Sieve editheader extension: fixed crash occurring when addheader :last was + used. + - Sieve include extension: fixed missing error cleanup that caused a resource + leak. + - Sieve vacation extension: fixed determination of From: address for when + sieve_vacation_dont_check_recipient is active. + - Sieve tools: the -D option wasn't enabled and documented for all tools. + - Siev dict script storage: fixed potential segfault occurring when dict + initialization fails. + - ManageSieve: fixed bug in skipping of CRLF at end of AUTHENTICATE command. + - ManageSieve: fixed handling of unkown commands pre-login. + - Fixed compile on Mageia Linux. + +v0.3.3 18-09-2012 Stephan Bosch <stephan@rename-it.nl> + + - Fixed compile against installed Dovecot headers. This was broken by the + ld.gold fix in the previous release. + +v0.3.2 18-09-2012 Stephan Bosch <stephan@rename-it.nl> + + + sieve-refilter tool: improved man page documentation by explicitly + specifying the syntax used for mailbox arguments. + + Sieve: spamtest and virustest extensions: improved trace debugging of score + calculation. + + Sieve: made error messages about exceeding the maximum number of actions + more verbose. + - Sieve tools: fixed problems with running as root: sievec and sieve-dump now + ignore mail_uid and mail_gid settings when run as root. + - Sieve: fixed bug in action accounting (for limit checking): increase action + instance count only when an action is actually created. + - Sieve: include extension: fixed namespace separation of :global and + :personal scripts. + - ManageSieve: fixed segfault bug triggered by CHECKSCRIPT command. + - Fixed linking with ld.gold. + - Fixed several Clang compile warnings and a few potential bugs. + +v0.3.1 25-05-2012 Stephan Bosch <stephan@rename-it.nl> + + * Added support for retrieving Sieve scripts from dict lookup. This means that + Sieve scripts can now be downloaded from a database. Compiled script + binaries are still put on disk somewhere if used. The INSTALL documentation + is updated with information on this new feature and the + (backwards-compatible) changes to the configuration. Note that his feature + is currently not supported for sieve_before/sieve_after or script management + through ManageSieve. + + Incorporated the sieve_duplicate plugin into main Pigeonhole tree as a + normal extension (vnd.dovecot.duplicate). This Dovecot-specific extension + adds the ability to check for duplicate deliveries based on message ID. + Specification can be found in: doc/rfc/spec-bosch-sieve-duplicate.txt + + Added support for specifying multiple sieve_before and sieve_after paths. + This adds much more flexibility to the multiscript configuration. One + application is to have user-specific Sieve scripts outside the user's + normal control through ManageSieve. + + Added a "session ID" string for managesieve connections, available in + %{session} variable (analogous to Dovecot change). + - Fixed several small issues, including a few potential segfault bugs, based + on static source code analysis. + - ManageSieve: changed use of EPROTO error to EIO in ManageSieve string stream + implementation because it is apparently not known in BSD. + - Gave stamp.h.in (needed for autotools) some content to prevent it from + disappearing in patch files. + - Fixed bug that caused a SunStudio CC compile failure (reported by Piotr + Tarnowski). + +v0.3.0 16-02-2012 Stephan Bosch <stephan@rename-it.nl> + + * Renamed sieve_global_path setting to sieve_default for clarity. Old name is + still recognized for backwards compatibility. Support for the ancient (pre + v1.1) name for this setting "global_script_path" is now dropped. + * Added means to prohibit use of redirect action. Setting sieve_max_redirects + to 0 now means that redirect is disallowed instead of unlimited. Default + value remains four. + * Fixed interaction of Sieve include extension with ManageSieve. It is updated + to match new requirements in the draft include specification. Missing + included scripts are no longer an error at upload time. + * Updated RFC2822 header field body verification to exclude non-printing + characters (RFC5322). Only Sieve actions that can create unstructured header + values (currently enotify/mailto and editheader) are affected by this + change. + + Completed sieve-filter tool to a useful state. The sieve-filter tool + provides a means to (re)filter messages in a mailbox through a Sieve script. + + Implemented the Sieve editheader extension. It is now possible to add and + remove message headers from within Sieve. + + ManageSieve: added support for reading quoted and literal strings as a + stream. Fixes support for handing large SASL responses (analogous to similar + changes in Dovecot). It is now also allowed to use a quoted string for the + PUTSCRIPT script argument. + + Added code to cleanup tmp directory in Sieve storage directory (sieve_dir) + every once in a while. + + Added support for substituting the entire message during Sieve processing. + This is used for the filter action provided by the new sieve_extprograms + plugin (provided separately for now). The filter action allows passing the + message through an external program. + + Added support for restricting certain Sieve language extensions to + (admin-controled) global scripts. Restricted extensions can be configured + using the new sieve_global_extensions setting. This is particularly useful + for some of the Dovecot-specific (plugin-based) Sieve extensions, that can + be somewhat hazardous when under direct control of users (e.g. + sieve_extprograms). + +v0.2.6 13-02-2012 Stephan Bosch <stephan@rename-it.nl> + + * This release fixes unintentional behavior of the include extension. Included + scriptnames with a name like "name.sieve" would implicitly map to a script + file called "name.sieve" and not "name.sieve.sieve". Keep in mind that the + .sieve file extension has no meaning from within the Sieve language. A Sieve + script is always stored with an appended .sieve file extension, also when + the name already ends with a .sieve suffix. + IMPORTANT: Some installations have relied on this unintentional feature, so + check your script includes for issues before upgrading. + * Matched changes regarding auth_verbose setting in Dovecot. This means that + this release will only compile against Dovecot v2.0.18. + - Fixed problem in ManageSieve that caused it to omit a WARNINGS response code + when the uploaded script compiled with warnings. + - Made sure that locations of Sieve error never report `line 0'. + - Fixed potential segfault occurring when interpreter initialization fails. + +v0.2.5 19-11-2011 Stephan Bosch <stephan@rename-it.nl> + + + Sieve vacation extension: made discard message for implicit delivery more + verbose + - The sieve-test tool: mixed up original and final envelope recipient in + implementation of command line arguments. + - Sieve vacation extension: resolved FIXME regarding the use of variables in + the :handle argument. Variables are now handled correctly. + - Sieve body extension: fixed handling of :content "message/rfc822". This now + yields the headers of the embedded message as required by the specification. + Handling of :content "multipart" remains to be fixed. + - LDA Sieve plugin: fixed problem with recipient_delimiter configuration. Now + falls back to global recipient_delimiter setting if + plugin/recipient_delimiter is not set. + +v0.2.4 13-09-2011 Stephan Bosch <stephan@rename-it.nl> + + + Vacation extension: finally added support for using the original recipient + in vacation address check. It is also possible to disable the recipient + address check entirely. Check doc/vacation.txt for configuration + information. + + Include extension: made limits on the include depth and the total number of + included scripts configurable. Check doc/include.txt for configuration + information. + + Implemented ihave extension. This allows checking for the availability + of Sieve language extensions at 'runtime'. Actually, this is checked + at compile time. At runtime the interpreter checks whether extensions + that were not previously available are still unavailable. If the situation + changed, the script is re-compiled and the ihave tests are evaluated again. + + Sieve: optimized compilation of tests that yield constant results (i.e. + known at compile tme), such as 'true' and 'false'. No code is produced + anymore for script sections that are never executed. Also, semantics + are not verified anymore in uncompiled script sections. + + Made vnd.dovecot.debug extension available to the LDA plugin instead of + only the command line tools. + + Sieve: redirect action now adds X-Sieve-Redirected-From header (mainly for + people using SPF/SRS). + - Sieve: fixed bug in handling flags and keywords; in case of error an + assertion was triggered. + - Script storage: improved handling of unconfigured user home directory. + Originally this would produce an unhelpful error message. + - Imap4flags extension: prevent forcibly enabling imap4flags when imapflags + is enabled. + - Fixed various -Wunused-but-set-variable compiler warnings. + - Include extension: forgot to check variable identifier syntax for 'global' + command. + - Sieve: fixed debug mode; no messages were logged in some situations. + - sievec tool: forgot to enable -D (debug) parameter. + +v0.2.3 14-04-2011 Stephan Bosch <stephan@rename-it.nl> + + * Sieve filter tool: finished implementing basic functionality. It is not + quite ready yet, but it is available for those willing to experiment + with it (needs --with-unfinished-features config to compile). Also + includes man page. + + Vacation extension now inhibits replies to messages from sender listed + in :addresses, thus preventing replies to one of the user's other known + addresses. + + Vacation extension: implemented the (draft) vacation-seconds extension. + This also adds min/max period configuration settings. Refer to + doc/vacation.txt for configuration information. + - ManageSieve: fixed bug in UTF-8 checking of string values. This is done + by discarding the original implementation and migrating to the Dovecot + API's UTF-8 functionality. + - Sieve command line tools now avoid initializing the mail store unless + necessary. This prevents sievec and sieve-dump from failing when + executed by root for example. + - Enotify extension: fixed inappropriate return type in mailto URI parse + function, also fixing ARM compiler warning. + - Vacation extension: fixed handling of sendmail errors. It produced an + additional confusing success message in case of error. + - Removed header MIME-decoding to fix erroneous address parsing. Applies to + address test and vacation command. + - Fixed segfault bug in extension configuration, triggered when unknown + extension is mentioned in sieve_extensions setting. + +v0.2.2 06-12-2010 Stephan Bosch <stephan@rename-it.nl> + + * LDA Sieve plugin: started using Dovecot LDA reject API for the reject + extension. This means that the LDA reject_reason and reject_subject + settings now also work for Pigeonhole's LDA Sieve plugin. + * Did some work on the new sieve-filter tool. It is mostly functional, but + it is not finished yet. + * Dovecot change: services' default vsz_limits weren't being enforced + correctly in earlier v2.0 releases. Now that they are enforced, you might + notice that the default limits are too low and you need to increase them. + This problem will show up in logs as "out of memory" errors. See + default_vsz_limit and service { vsz_limit } settings. + - Imap4flags: fixed segfault bug occurring in multiscript context. + - Added version checking to the ManageSieve settings plugin. This plugin was + forgotten when the LDA plugin was updated with this change in the previous + release. + - LDA Sieve plugin: fixed memory leak at deinitialization. + +v0.2.1 27-09-2010 Stephan Bosch <stephan@rename-it.nl> + + + Incorporated distinction between original and final envelope recipient in + Sieve interpreter, as recently introduced in Dovecot. + + Regex extension: added support for regex keys composed from variables. + - LDA Sieve plugin: added _version symbol to enable Dovecot's plugin version + check. Without this check, people can forget to recompile the plugin, which + can lead to unexpected effects. + - LDA Sieve plugin: turned debug message about an unconfigured home directory + into a proper error and added script path information. + - Fixed unnecessary reporting of dummy extensions in ManageSieve SIEVE + capability; the comparator-i;octet and comparator-i;ascii-numeric + 'extensions' were reported explicitly. + +v0.2.0 10-09-2010 Stephan Bosch <stephan@rename-it.nl> + + * Merged Sieve and ManageSieve packages into a single Pigeonhole package. + There is also no need to patch Dovecot anymore to gain ManageSieve support. + Version numbering of previous Sieve releases is continued as v0.2.0. The + sources originally branched off from Sieve v0.1.5 and ManageSieve v0.11.4, + but the NEWS history of much more recent releases for Dovecot v1.2 is + included since these changes are all included in this release as well. + * The ManageSieve service now binds to TCP port 4190 by default due to the + IANA port assignment for the ManageSieve service. When upgrading from v1.2, + this should be taken into account. The service can be configured manually to + listen on both 2000 and 4190. + * The Dovecot configuration now calls the ManageSieve protocol 'sieve' in + stead of 'managesieve' because it is registered as such with IANA. The + binaries and the services are still called managesieve and + managesieve-login. + * The binary representation of a compiled Sieve script is updated to include + source code locations of all commands and arguments. This is implemented in + a similar manner as such debug information is included in some system + executables and libraries (DWARF-like). Run-time errors can now always refer + to the proper line number in the Sieve source script. + * The Sieve plugin is adapted to work properly with the new LMTP service + introduced with Dovecot v2.0. The same plugin is used for both LDA and LMTP. + * The 'sieve_subaddress_sep' setting for the Sieve subaddress extension is now + known as 'recipient_delimiter'. Although the deprecated sieve_subaddress_sep + setting is still recognized for backwards compatibility, it is recommended + to update the setting to the new name, since the new LMTP service also uses + the recipient_delimiter setting. + * ManageSieve: changed default IMPLEMENTATION capability to from 'Dovecot' to + 'Dovecot Pigeonhole'. + * Renamed the sieved tool to sieve-dump. The original name was somewhat + confusing. + * Updated man pages to match style and structure of new Dovecot man pages. + * Made testsuite commands more uniform and cleaned up many of the testsuite + scripts. Some minor new tests were added in the process. + + Simplified string matching API to use abstract string lists as data sources. + This will also make implementing the index extension easier in the future. + + Significantly improved trace debugging with the sieve-test tool. The full + execution of the script can be examined, including the matched values and + keys of the respective Sieve test commands. The executed statements are + listed with their line number (and code address when requested). The level + of detail is configurable from the command line. + + The SIEVE and NOTIFY capabilities reported by the ManageSieve protocol can + now be configured manually. If left unconfigured, the capabilities are + determined from the default Sieve and ManageSieve configuration. + User-specific capabilities aren't reported until after authentication. + + Significantly improved file error handling. This means that administrators + get a more useful and informative log message when file operations fail. The + most notable example is that when the LDA Sieve plugin is trying to store a + binary for a global script, the resulting failure message also points the + administrator towards pre-compiling the script with sievec. + + Added runtime argument value checking for several commands (redirect, date + vacation). When variables are used, these checks cannot be performed at + compiletime. A proper runtime error now is produced when invalid data is + encountered. + + UTF8 validity of fileinto command argument is now checked either at compile + time or at runtime. Previously, it was not checked until the store action + was executed. + + Validity of IMAP flags for the imap4flags extension is now checked also + at runtime. Previously, it was not checked until the store action was + executed. + + Simplified and restructured error handling. Also made sure that user-caused + errors are no longer written to the Dovecot master/LDA log. + - Multiscript: fixed duplicate implicit keep caused by erroneous execution + state update. + - Prevented assertion failure due to currupt binary string representation. + If the string was missing a final \0 character an assertion was produced in + stead of a binary corruption error. + - Imap4flags: fixed bug in setflag command; when parameter was a stringlist, + only the last item was actually set. + - Variables extension: fixed :length set modifier to recognize utf8 characters + instead of octets. + - Testsuite: prevented innocent warning messages, i.e. those that are part of + the test, from showing up by default. + - ManageSieve/Sieve storage: fixed error handling of PUTSCRIPT commmand; save + commit errors would not make the command fail. + - ManageSieve: enforced protocol syntax better with some of the commands; some + commands allowed spurious extra arguments. + - Fixed Sieve script name checking to properly handle length limit and added + 0x00ff as invalid character. + - Removed spurious old stdio.h (top) includes; these caused compile issues on + specific systems. + - Fixed default Sieve capability (as reported by ManageSieve): extra + extensions spamtest, spamtestplus and virustest were enabled by default. + These should, however, only be enabled when properly configured and there + is no default configuration. + +(Fused Dovecot Sieve and ManageSieve packages into a single Pigeonhole release) + +Dovecot Sieve NEWS history: +--------------------------- + +Dovecot 1.2: + +v0.1.17 19-06-2010 Stephan Bosch <stephan@rename-it.nl> + + - Made sure source code positions for compiler messages are recorded at start + of tokens. + - Fixed a few potential memory leaks in the Sieve compiler and the + spam/virustest extensions. + - Made command line tools return proper exit status upon failure. + +v0.1.16 30-04-2010 Stephan Bosch <stephan@rename-it.nl> + + * Finished implementation of spamtest, spamtestplus and virustest extensions. + These are not enabled by default and need to be activated with the + sieve_extensions setting. Documentation available in + doc/spamtest-virustest.txt + + Vacation extension: the from address of the generated reply is now by + default equal to whatever known recipient alias matched the headers of the + message. If it is one of the aliases specified with :addresses, it is used + instead of the envelope recipient address that was used before. + + Restructured and optimized the lexical scanner. + + Added --with-docs configure option to allow disabling installation of + documentation. + - Accidentally omitted 'extern' in two declarations of global variables in + header files, causing compile failures on certain systems. + - Deprecated imapflags extension: fixed implicit assignment of flags. Turns + out this never really worked, but the effect of this bug was obscured by the + removeflag bug fixed in the previous release. + - Fixed various memset argument mixups in enotify extension. This caused + warnings on certain systems, but luckily no adverse effects at runtime. + +v0.1.15 25-01-2010 Stephan Bosch <stephan@rename-it.nl> + + * Enotify extension: + - Adjusted notify method API for addition of new notification methods. + - Set default importance level to 'normal' (was 'high'). + * Include extension: updated implementation towards most recent specification + (all should be backwards compatible): + - Implemented global variables namespace. + - Global command may now appear anywhere in a script. + - Implemented script name checking using the requirements specified in the + ManageSieve draft. + - One issue remains: ManageSieve currently requires included scripts to be + uploaded first, which is not according to specification. + * Changed envelope path parser to allow to and from envelope addresses that + have no domain part. + + Added preliminary support for Sieve plugins and added support for installing + Sieve development headers. + + Started work on the implementation of the spamtest, spamtestplus and + virustest extensions (unfinished). + + Deprecated notify extension: implemented denotify command. + + Variables extension: added support for variable namespaces. + + Added configurable script size limit. Compiler will refuse to compile files + larger than sieve_max_script_size. + + Testsuite changes: + - Added support for changing and testing an extension's configuration. + - Added a command line parameter for copying errors to stderr. + - Fixed a bug in the i;ascii-numeric comparator. If one of the strings started + with a non-digit character, the comparator would always yield less-than. + - Imap4flags extension: fixed bug in removeflag: removing a single flag failed + due to off-by-one error (bug report by Julian Cowley). + - Improved EACCES error messages for stat() and lstat() syscalls and slightly + improved error messages that may uccur when saving a binary. + - Vacation extension: fixed typo in runtime log message (patch by Julian + Cowley). + - Fixed use of minus '-' in man pages; it is now properly escaped. + - Fixed parser recovery. In particular cases it would trigger spurious errors + after an initial valid error and sometimes additional errors were + inappropriately ignored. + +v0.1.14 19-12-2009 Stephan Bosch <stephan@rename-it.nl> + + * Made the imposed limits on the number of redirects and the number of + actions configurable. The settings are called sieve_max_actions and + sieve_max_redirects. + * Did a major rework of extension handling, making sure that no global state + is maintained. This change was triggered by problems that global state info + would cause for Dovecot v2.0, but it is also important for v1.2 as it + significantly cleans up the library implementation. + + Made LDA Sieve plugin recognize the deliver_log_format setting. + + Message headers produced from user-supplied data are now RFC2047-encoded if + necessary for outgoing messages. This is for example important for the + :subject argument of the vacation action. + + Added support for the $text$ substitution in the deprecated notify + extension. + + The subaddress extension now also accepts recipient_delimiter setting as an + alias for sieve_subaddress_sep setting. This anticipates the + recipient_delimiter setting in v2.0. + - Fixed logging of mailbox names. It logged the converted mUTF7 version in + stead of the original UTF8 version supplied by the user. + - Fixed a minor memory leak in the multiscript support. + - Fixed a bug in the recompilation of Sieve scripts. Made sure that scripts + are only recompiled when the script file - or the symlink pointing to it - + is strictly newer. + +v0.1.13 18-10-2009 Stephan Bosch <stephan@rename-it.nl> + + + Body extension: implemented proper handling of the :raw transform and added + various new tests to the test suite. However, :content "multipart" and + :content "message/rfc822" are still not working. + + Fixed race condition occurring when multiple instances are saving the same + binary (patch by Timo Sirainen). + + Test suite: added support for testing multiscript execution. + - Made compiler more lenient towars missing CRLF at the end of the script in a + hash comment. + - Body extension: don't give SKIP_BODY_BLOCK flag to message parser, we want + the body! (patch by Timo Sirainen). + - Fixed handling of implicit side effects for multiscript execution. + - Fixed bugs in multiscript support; subsequent keep actions were not always + merged correctly and implicit side effects were not always handled + correctly. + - Fixed a segfault bug in the sieve-test tool occurring when compile fails. + - Fixed segfault bug in action procesing. It was triggered while merging side + effects in duplicate actions. + - Fixed bug in the Sieve plugin that caused it to try to stat() a NULL path, + yielding a 'Bad address' error. + +v0.1.12 21-08-2009 Stephan Bosch <stephan@rename-it.nl> + + + Testsuite: added support for testing binaries stored on disk. + + Implemented the new date extension. This allows matching against date values + in header fields and the current date at the time of script evaluation. + +v0.1.11 08-08-2009 Stephan Bosch <stephan@rename-it.nl> + + + Built skeleton implementation for the date extension (RFC 5260). It + compiles, but it does not do anything useful yet. Therefore, it is not part + of the default compilation. + - Fixed ARM portability issues caused by char type not being signed on that + platform. Reading optional operands from a binary would fail for action side + effects. Also, an accidental mixup of an int return type with bool caused + the interpreter to continue on ARM even though an error occured. + - Removed direct stdint.h includes to prevent portability issues. + - Fixed segfault bug in the handling of script open failures. + - Include: improved user error messages and system log messages. + - Fixed copy-paste mixup between sieve_after and sieve_before settings in the + LDA Sieve plugin. If only a sieve_after script was active, nothing would + have been executed. Patch by Mike Abbott. + - Include: fixed a bug in HOME substitution in the sieve_dir path. Surfaced in + ManageSieve. + +v0.1.10 03-08-2009 Stephan Bosch <stephan@rename-it.nl> + + * Changed action execution of fileinto and keep. These changes depend on API + additions in Dovecot, making this release depend on Dovecot v1.2.2 or newer. + * Further developed the sieve-filter command line tool. This required a few + changes to the action execution of the Sieve engine. The tool was + successfully tested on folders with a few 100k spam messages. However, the + commandline options are still incomplete, a man page is missing and it needs + much more testing before I can recommend anyone to use this tool. + + Added support for the mailbox extension. This allows checking whether a + mailbox exists using the mailboxexists command and it adds the :create + argument to the fileinto command to create the mailbox when it is missing. + The :create feature is useless unless the Deliver LDA is run with the -n + option. + + Improved the testsuite with tests for message delivery. Messages stored + using keep and fileinto can be fed back into the Sieve engine for + verification. This includes testing of applied IMAP flags. + + Updated the man pages with the new method of specifying the supported + extensions using + and - (for the -x parameter of the sieve tools) + + Further developed the deprecated notify extension. A dummy for the denotify + command exists, meaning that its use does not cause an error anymore. + - Fixed a bug in the derivation of the binary path from the script path. A + bare filename would yield a path relative to root. + - Fixed a bug in the value matching code. The context data now uses a proper + pool instead of the data stack. Bug reported by Jan Sechser. + - Fixed assertion fail in the include extension caused by missing + initialization upon binary load. This bug surfaces only for stored + binaries. Bug reported by Tom Hendrikx. + - Fixed include error message for failed :global include. It mentioned the + wrong config parameter. + - Fixed broken wiki reference in an error message of the plugin about the + 'sieve' setting. + - Fixed behavior of fileinto when delivering into a namespace prefix. + Previous fix used the wrong storage. + +v0.1.9 22-07-2009 Stephan Bosch <stephan@rename-it.nl> + + * Removed the unfinished sieve-filter tool from the default build. It is now + only built when the --with-unfinished-features switch is supplied during + configure. + + Started building support for the ereject version of the reject action, + which has a preference to use an SMTP/LMTP protocol error instead of a + bounce message. This is to be used to make the Sieve plugin honour Deliver's + -e parameter. This is not yet finished and not built by default. + + Improved 'Permission denied' error messages just like Dovecot does, + precisely specifying what permission is missing to access or create a file. + + Added additional headers to the list of allowed headers for the address + test. The restrictive nature of the address test is not always appropriate. + Still thinking of a better, less restrictive implementation. + + Made the deprecated notify extension compatible with the old CMUSieve + plugin. However, the denotify command and the $text$ substitution are not + yet supported. + + Made the discard action log a message to avoid confusion about disappearing + messages. + - Fixed behavior of fileinto when delivering into a namespace prefix. It now + uses silent delivery into INBOX as fallback. + - Fixed logging of folder namespace prefix upon delivery into a prefixed + namespace. Formerly it only logged the bare folder name. + - Fixed a potential segfault in the argument validation. It didn't surface + because no command could have a :tag followed by an associated parameter as + last argument. + - Fixed segfault bug occurring in envelope test when performed on null (<>) + envelope path. The fix involves a rather large restructuring of the code to + make sure envelope addresses are properly handled everywhere (bug reported + by Nikita Koshikov) + - Envelope: fixed bug in application of address parts; failure to obtain + the part would cause inappropriate match success (bug reported by Ron Lee) + - Fixed extension conflict checks during validation. It could sometimes + produce useless errormessages. This is currently only used by the + deprecated extensions. + - Forgot to remove old explicit storage library dependency (patch by + Arkadiusz Miskiewicz). + - Fixed compiler warnings on certain platforms regarding the use fwrite for + outgoing message construction + +v0.1.8 12-07-2009 Stephan Bosch <stephan@rename-it.nl> + + - Fixed AIX compile problem. For portability, the typeof operator is + not used anymore. + + Added partial support for the deprecated notify extension. However, it + turns out that the implementation provided by cmusieve is even older (2001), + meaning that this is currently not backwards compatible with cmusieve. + +v0.1.7 05-07-2009 Stephan Bosch <stephan@rename-it.nl> + + + Added support for CRLF line breaks in strbuf error handler to fix a + ManageSieve problem. + + Improved consistency of sieve tool documentation and fixed missing + parameters in internal tool help output. + + Enhanced extensions configuration, allowing to specify the enabled + extensions relatively to the default (patch by Steffen Kaiser). + - Forgot to initialize script execution status in Sieve plugin, causing + segfaults on compile errors in specific conditions. + - Fixed logging in Sieve plugin for execution of default main script (went + to STDERR). + +v0.1.6 18-06-2009 Stephan Bosch <stephan@rename-it.nl> + + * Adjusted to changes in Dovecot to make it compile against v1.2.rc5 + * Made default of sieve_dir setting match the ManageSieve implementation. + - Fixed a few problems in de body extension that caused assert failures in + specific situations. + +v0.1.5 18-04-2009 Stephan Bosch <stephan@rename-it.nl> + + * Ported the implementation of the Sieve include extension to the latest + draft. This means that the import and export commands are replaced by a new + command called global. The import and export commands are now DEPRICATED and + are mere aliases for the global command. The new specification also adds the + :once modifier to the include command. The also newly specified global.* + variable namespace is not implemented yet as support for variable namespaces + is currently missing. + * Did a major rework of the multiscript support for better error handling and + made sure that persistent global scripts (sieve_before/sieve_after) are + always executed, even when the user does not have a script of his own and + a global default is missing. + + Provided basic support for the environment extension. Currenly, the name, + version and host items are useful. Others are pending. + + Improved error message that is presented when an unknown Sieve extension is + provided as argument to the require command. It now notifies the user that + Sieve core commands do not need to be specified in require. + - Fixed bug in includes at levels deeper than one. + - Fixed bug in address matching that was caused by the failure to handle group + specifications. In dovecot, these are marked by address items with NULL + elements, which causes a segfault if not considered. The group 'undisclosed- + recipients:;' in particular triggered this bug. Bug reported by Bernhard + Schmidt. + +v0.1.4 21-03-2009 Stephan Bosch <stephan@rename-it.nl> + + * Started work on the sieve-filter tool. With this command line tool it will + be possible to (re-)apply Sieve filters on a mail folder. It is currently + undocumented and far from functional. + + Added a custom debug extension that provides the possibility to print debug + messages from scripts executed by the Sieve tools. + - Fixed issue with opening relative paths as a mail file. Bug reported by Ian + P. Christian. + - Fixed MAC OSX compile problem. Turns out the extern modifier was missing at + multiple places. Bug reported by Edgar Fuss. + - Fixed Solaris compile problem: removed unecessary and unportable linker + flags that caused compile to fail. Bug reported by Andrés Yacopino. + +v0.1.3 12-02-2009 Stephan Bosch <stephan@rename-it.nl> + + * Adapted to changes in Dovecot, making this release dependent on Dovecot + >= 1.2.beta1 + * Made mail address comparison fully case-insensitive. This is particularly + noticeable for the :addresses argument of the vacation command. + + Finished enotify extension. Currently, only the mailto notification method + is implemented. All still needs to be tested thoroughly. + + Implemented multiscript support. It is now possible to execute multiple + Sieve scripts sequentially. Administrator-controlled scripts can be + executed before and after the user's script. Still needs to be tested + thoroughly. + + Implemented support for configuring the available Sieve extensions. + + Made the subaddress extension (partially) configurable using the + sieve_subaddress_sep setting, which allows specifying a (multi-charater) + separator other than '+'. + + Compiler now warns about invalid header field names used for the header and + address tests. + + Vacation extension now properly generates a References header for the + response message. + + Added testing of basic result execution to the test suite. Also added + supportfor testing the outgoing messages produced by the Sieve interpreter. + + Included execution of the actual result in the sieve-test command line tool. + The undocumented sieve-exec tool that existed for this is now removed as + planned. + + Added support for the now obsolete 'imapflags' extension for backwards + compatibility with CMUSieve. This also implements the mark/unmark commands. + - Fixed bugs in the regex extension: 1) if an optional match value did not in + fact match, subsequent match values would get unexpected indexes. 2) fixed + segfault bug occurring when regex is freed. + - Fixed bug in the use of the :from agrument for the vacation command. If this + address included a phrase part, the response would not be a valid RFC822 + message. + - Plugged a theoretical security hole occurring when a directory is opened as a + Sieve binary. + - Cleaned up and fixed various log messages. + - Fixed bug in the outgoing address verification. Addresses ending in ',' were + erroneously accepted. + +v0.1.2 26-11-2008 Stephan Bosch <stephan@rename-it.nl> + + - Fixed important bug in the redirect action (and probably other actions like + reject and vacation that only send messages). This was a bug in the handling + of context information during the execution of actions. It caused the sieve + interpreter to crash with a segfault when redirect was executed. + +v0.1.1 24-11-2008 Stephan Bosch <stephan@rename-it.nl> + + * Re-enabled support for compiling against dovecot headers. Much like + cmusieve, command line tools like sievec and sieved are not compiled in this + case. + * Started implementation of enotify extension. Not anywhere near finished + though. + * Adapted to changes in Dovecot on various occasions, making this release + dependent on Dovecot >= v1.2.alpa4. + + Improved logging of errors at specific occasions and added debug messages to + find script execution problems quicker. + + Removed code duplication between command line tools and the test suite. + Also restructured the sources of the tools. + + Added UTF-8 to UTF-7 folder name conversion for compatibility with IMAP. + + Created man pages for the command line tools. These are automatically + installed upon 'make install' + + Incorporated Valgrind support into the testsuite and fixed a few memory + leaks in the process. + - Fixed compile error surfacing for gcc3.4. Forgot mask argument for the + open() system call when the O_CREAT flag is specified. Bug found by + Sergey Ivanov. + - Fixed bug in the sievec tool. -d output was always written to stdout. + - Fixed important bug in the imap4flags extension. When no :flags argument is + specified, the previous version would always use the final value of the + internal variable to set the flags. This means that modifications to the + internal variable also affected the bare fileinto/keep actions executed + earlier. This does not comply to the RFC. + - Fixed bug in the include extension's import/export commands. Duplicate + import/exports caused problems. + - Fixed bug in the handling of non-existent scripts. Errors were sometimes + ignored. + - Dovecot omitted unfolding multi-line headers. This was added to the cmusieve + plugin after the code was incorporated into the new implementation. This is + now mplicitly fixed by concurrent change in Dovecot. + +v0.1.0 23-10-2008 Stephan Bosch <stephan@rename-it.nl> + + * Initial release + +Dovecot ManageSieve NEWS history: +--------------------------------- + +Dovecot 1.2: + +v0.11.11: + * This release contains adjustments to match changes in the Sieve API. This + means that this release will only compile against Pigeonhole Sieve + v0.1.15. + + Implemented ManageSieve QUOTA enforcement. + + Added MAXREDIRECTS capability after login. + + Implemented new script name rules specified in most recent ManageSieve + draft. + - Fixed assertion failure occurring with challenge-response SASL mechanisms. + - Made configure complain about trying to compile against installed Dovecot + headers alone. + - Fixed compile warning for compilation against CMUSieve. + +v0.11.10: + * This release contains adjustments to match changes in the Sieve API. This + means that this release will only compile against Pigeonhole Sieve + v0.1.14. + - Fixed compilation of ManageSieve against CMUSieve. + +v0.11.9: + * Adjusted to changes in the Dovecot login proxy API. This release + therefore depends on Dovecot v1.2.4. + + Reintroduced ability to abort SASL with "*" response. Latest ManageSieve + specification includes it. + +v0.11.8: + - Fixed TLS support for proxying ManageSieve. The protocol state machine + was incorrect. Also added a check that disables ssl when 'starttls' is + not enabled for the user. This produces a proper warning in the log file. + There is no such thing as a managesieveS protocol which has SSL from the + start. + +v0.11.7: + * Adjusted to changes in the Dovecot login API. This release now depends on + Dovecot v1.2.1 or newer. + * Incorporated various small changes in IMAP into ManageSieve. This includes + properly enabling the generation of core dumps. + - The previous release implicitly resolved the FreeBSD script truncation + error. This release adds a small correction to the code that detects the + truncation. + - Fixed panic occurring when many errors are produced by the Sieve compiler + (bug found by Pascal Volk). + - Fixed memory leak in the PUTSCRIPT command. + +v0.11.6: + * Adjusted to changes in Dovecot regarding client idle timeout vs + authentication timeout. This release now depends on Dovecot v1.2.rc6 or + newer. + - Fixed CRLF line breaks in compile errors (bug reported by Pascal Volk). + - Corrected directory/file creation behavior with respect to mode bits + and gid (bug reported by Pascal Volk). + - Improved handling of script truncation bugs: connection is now closed and + an error is logged. bug itself not fixed yet). + - Prevented temp script name from showing up in error output. + +v0.11.5: + * Incorporated various changes from imap-login into managesieve-login. This + includes changes in the proxy support. + +v0.11.4: + * Adjusted to changes in the Dovecot signal handler API. + +v0.11.3: + * Changed the SASL service name from "managesieve" into "sieve" as required + in the protocol specification. Don't forget to adjust your configuration + if your authentication mechanism depends on this service name. + * Adapted to changes in Dovecot, making this release dependent on Dovecot + >= v1.2.beta1. + * Adapted to changes in the new Sieve implementation, making this release + dependent on Dovecot Sieve >= v0.1.3 if used. The old cmusieve plugin is + still supported. + + Implemented making the SIEVE and NOTIFY capability fully dynamic, meaning + that the sieve_extensions setting that was introduced for the new Sieve + plugin properly affects the ManageSieve daemon as well. + + Added support for the CHECKSCRIPT command. In terms of the supported + commands, the ManageSieve daemon now complies with protocol VERSION 1.0 as + listed in the CAPABILITY response. + - Fixed maximum permissions for uploaded scripts; was 0777. This + was shielded however by the default umask (not documented to be + configurable), so the actual permissions would never have been 0777. + - Fixed a segfault bug in the authentication time-out. Bug report and trace + provided by Wolfgang Friebel. + - Fixed handling of ~/ in use of mail-data for script location. + - Fixed small problems in the login proxy support. + +v0.11.2: + * Adapted to changes in Dovecot, making this release dependent on Dovecot + >= v1.2.alpa4. + +v0.11.1: + - Fixed security issue that gives virtual users the ability to read and + modify each other's scripts if the directory structure of the sieve + storage is known. + * Updated NOOP command to match new protocol specification + + Improved error handling and implemented the new response codes: + ACTIVE, NONEXISTENT, ALREADYEXISTS and WARNINGS + +v0.11.0: + * Upgraded to Dovecot v1.2 + * Added support for new ManageSieve extensions RENAME and NOOP + * Moved sieve settings to plugin {} section of config file. Now the settings + `sieve` and `sieve_dir` in the plugin section are used for the Sieve plugin + and the ManageSieve service, avoiding the posibility of accidental + differences in configuration. + +Dovecot 1.1: + +v0.10.3 + * Removed erroneous inline declarations that caused compiler warnings. GCC 4.3 + turns out to fail entirely as reported by Joel Johnson. + * Fixed auto-dectection of Sieve implementation during ./configure. It now + produces a proper error when the directory is invalid. + +v0.10.2 + * Fixed bug that caused SASL mechanisms that require more than a single client + response to fail. Reported by Steffen Kaiser and occured when he tried using + the (obsolete) LOGIN mechanism. + * Updated installation and configuration documentation to match the + information provided in the wiki + +v0.10.1 + * Fixed bug introduced in v0.10.0: compiled scripts were also written to disk + in the sieve/tmp directory and left there. This accumulates much .sievec + junk in that directory over time. + * Fixed bug in tmp file generation for sieve-storage: errors other than EEXIST + would cause the daemon to sleep() loop indefinitely. + + + Improved log lines to be more recognizable as being generated from + managesieve. + + Added short proxy configuration explanation to the README file + + Added 'Known Issues' section to the README file + - Fixed assert bug in sieve-storage occurring when save is canceled. + +v0.10.0 + * Upgraded to Dovecot 1.1: + - The actual managesieve implementation is now a separate package. + The dovecot tree still needs to be patched though to make dovecot + recognize the new managesieve service. + - Incorporated changes to imap/imap-login into the equivalent + managesieve processes. + - Removed cmusieve implementation from managesieve sources. It is + now linked externally from the dovecot-sieve-1.1 package. + - Restructured README.managesieve file into separate README, NEWS, + TODO, DESIGN and INSTALL files. + * Added support for new libsieve implementation (to be released). This + package can be compiled with either the new or the old Sieve + implementation (autodetected). If the new Sieve becomes stable, this + package will be merged with it to make a single package for Dovecot + Sieve support. + +Dovecot 1.0: + +v9 + ++ Definitively fixed the segfault mentioned in V8. It proved to be + very time-constrained and thus hard to reproduce. The error turned out + to be related to the input handling of the login daemon during + authentication. ++ Checked for changes in the imap daemon that weren't propagated to the + managesieve implementation due to code duplication. ++ Fixed a bug in the autodetection of the sieve storage location. ++ Fixed bug in the sieve storage that failed to refresh the symlink if + the storage was moved. ++ Improved error handing in the sieve-storage implementation in various + places. ++ Fixed the situation in which the active script link is located in the + sieve storage. ++ Added managesieve configuration to dovecot-example.conf and made the example + in this file more concise. + +v8 + ++ Fixed a few incompatibilities with 1.0.7 version. For instance, the "Logged + in" message is now sent by the -login process and not by the managesieve + daemon anymore. This caused a segfault every once in a while. ++ Probably fixed the settings problem reported by Steffen Kaiser regarding + login_dir. 'dovecot -n' now reports correct results, but testing will show + whether the whole problem is solved. ++ The managesieve daemon now accepts the sieve_storage and sieve configuration + settings, so it is now possible to explicitly configure the location of the + sieve storage and the active script respectively. The daemon still falls back + to using the mail_location (MAIL) settings if nothing else is specified. ++ The cyrus timsieved does not use the + character in string literals and many + clients have adopted to this behaviour. The latest managesieve (08) advises to + accept a missing + from clients. The server should not send any + characters + as well. This behavior is now implemented on the server. ++ Cleaned up sieve-storage.c: split up the sieve_storage_create function in + various sub-functions for obtaining the various paths and directories. ++ Forced manual intervention if rescueing a non-symlink file at the active script + path fails somehow. Previously, this presented the admin with a log message + that it had just eaten the script, which is not very nice. ++ Restructured the README.managesieve file and added some more explanation with + regard to the configuration of the daemon. + +v7 + +- Robin Breathe indicated that the regex capability was missing in the server's + SIEVE listing. It turns out I forgot to make arrangements for setting + ENABLE_REGEX in the cmu libsieve sources, so the regex extension was not + compiled in. I copied the configure.in section regarding ENABLE_REGEX from + dovecot-sieve-1.0.2 and that fixed the problem. + +v6 + +- Corked the client output stream while producing the capability greeting and on + other some other occasions as well. Some naive client implementations expect to + receive this as a single tcp frame and it is a good practice to do so anyway. + Using this change the Thunderbird sieve extension (v0.1.1) seemed to work. However, + scripts larger than a tcp frame still caused failures. All these issues are fixed + in the latest version of the sieve add-on (currently v0.1.4). +- Cleaned up the new proxy source. My editor made the indentation a complete mess + in terms of TABs vs spaces. +- Added TRYLATER response codes to BYE and NO messages where appropriate. +- Recopied the libsieve library into this patch to incorporate any changes that were + made (only sieve-cmu.c still needs to be compared to the old cmu-sieve.c). This + also solves the __attribute__((unused)) GCC dependencies. These were fixed long + ago by Timo.... the code duplication beast strikes again. +- Removed spurious return value from void function in + src/lib-sieve/sieve-implementation.c as reported by Robin Breathe. GCC fails to + report these issues. The function involved is currently not used and serves only + as an example on how dovecot could support multiple sieve backends... + +v5 + +- Applied patch by Uldis Pakuls to fix master_dump_settings bug +- Added some compilation/installation info to this README +- Moved README to source tree root as README.managesieve +- Fixed minor error handling bug in sieve_storage.c with respect to a missing + root directory. +- Now sieve capabilities are reported as they are specified by the implementing + library and not in forced upper case. The sieve RFC now explicitly states + that sieve capability identifiers are case-sensitive. This broke compatibility + with SquirrelMail/Avelsieve. +- Disabled ANONYMOUS login entirely until proper support is implemented. V4 + claimed to do so as well, but in fact it only stopped announcing it. +- Implemented managesieve-proxy. It is not so much a clean copy of imap-proxy, + since the managesieve greeting is much more complex and requires parsing. + Configuration is identical to imap-proxy. This seems to be a little under- + documented however (http://wiki.dovecot.org/PasswordDatabase/ExtraFields). + +v4 + +- Added managesieve_implementation_string setting to the managesieve + configuration. This can be used to customize the default "IMPLEMENTATION" + capability response. +- Denied ANONYMOUS login until proper support is implemented +- Fixed problem with authenticate command regarding continued responses. In + V3 only initial response would work. Problem was caused by rc2 -> rc28 + upgrade. One of the clear reasons why code duplication is a very bad idea. +- Fixed readlink bug as indicated by Timo: return value of readlink can also + be -1. +- Fixed bug in the regular file rescue code, as introduced in the previous + version. Used stat instead of lstat. This caused the symlink to be rescued + subsequently in the next activation, thus still overwriting the initially + rescued script. + +v3 + +- Updated source to compile with dovecot 1.0.rc27 +- Daemon now uses the same location for .dovecot.sieve as dovecot-lda + This is typically ~/.dovecot.sieve +- If .dovecot.sieve is a regular file, it is now moved into the script storage as + dovecot.orig.sieve, preventing deletion of (important) active scripts + upon upgrade. +- Changed error handling to yield a BYE message when the managesieve + daemon exits unexpectedly (upon login) before any commands are entered. + Horde-ingo would wait indefinitely for a response. + +v2 + +- Fixed the bug (missing CRLF) in the authenticate command +- Modified the sieve storage library making the interface much less crude. +- The scripts put on the server using the putscript command are now + checked before they are accepted. +- The reported SIEVE capability is now directly read from the sieve + implementation (in this case cmu), listing much more than "FILEINTO + VACATION". +- Imported instance of libsieve source into this patch for implementation + of script checking and capability listing. THIS NEEDS TO BE CHANGED! +- Fixed some minor bugs in the putscript command |