summaryrefslogtreecommitdiffstats
path: root/pigeonhole/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'pigeonhole/NEWS')
-rw-r--r--pigeonhole/NEWS1841
1 files changed, 1841 insertions, 0 deletions
diff --git a/pigeonhole/NEWS b/pigeonhole/NEWS
new file mode 100644
index 0000000..8c09177
--- /dev/null
+++ b/pigeonhole/NEWS
@@ -0,0 +1,1841 @@
+v0.5.21 2023-08-15 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - sieve: Using the deleteheader action on a message with a broken/invalid
+ header can cause the Sieve interpreter to crash with an assert panic.
+ This can happen e.g. when the message is missing the empty EOH line
+ between the headers and the body of the message. Fixes:
+ Panic: file edit-mail.c: line 820 (edit_mail_headers_parse):
+ assertion failed: (body_offset > 0).
+ - sieve: Pigeonhole added an extra Message-ID header during mail
+ forwarding when the existing one was invalid. Now it adds the
+ Message-ID only if it is entirely missing. Existing Message-ID(s) are
+ left unchanged.
+
+v0.5.20 2022-12-12 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * No changes - release done to keep version numbers synced.
+
+v0.5.19 2022-05-10 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * No changes - release done to keep version numbers synced.
+
+v0.5.18 2022-02-03 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - duplicate: Users without a home directory can crash with Sieve when
+ using duplicate database. v2.3.17 regression.
+ - imapsieve: When mail was expunged when processing imapsieve events, a
+ crash could occur. Fixes Panic: file mail-index-map.c:
+ line 558 (mail_index_map_lookup_seq_range): assertion failed: (first_uid > 0)
+ - managesieve-login: Proxy didn't support forwarding the forward_* passdb fields.
+ - redirect: Sieve would crash if redirect after keep-equivalent action failed.
+ - sieve: Interpreter crashes when the Sieve index extension is used with
+ index zero.
+ - vnd.dovecot.filter: Envelope sender string may become corrupted when
+ Sieve scripts are using vnd.dovecot.filter. This could end up
+ corrupting mbox's From line and return wrong envelope sender string in
+ Sieve tests.
+
+v0.5.17.1 2021-12-07 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - managesieve: Dovecot failed to start if ssl_ca was too large.
+ - lib-sieve-tool: Binaries failed to run if ssl_ca was too large.
+
+v0.5.17 2021-10-28 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - duplicate: The Sieve duplicate test is prone to false negatives when
+ the user receives many e-mails concurrently, meaning that duplicate
+ deliveries can still occur.
+ - fileinto: v2.3.16 regression: Sieve delivery crashes if mail is
+ delivered to non-existing and existing folder.
+ - imap-filter-sieve: v2.3.15 regression: The CPU limits on Sieve
+ execution are too easily exceeded in IMAP context (the IMAPSieve and
+ FILTER=SIEVE capabilities). Changed the default to unlimited CPU time
+ for IMAP context, since similar excessive resource usage can be caused
+ by other means as well. The CPU limits on Sieve scripts executed at
+ LDA/LMTP delivery are still enforced by default.
+ - redirect: The Sieve redirect action has protections against users
+ triggering mail loops. Unfortunately, the detection of a redirect mail
+ loop sometimes causes the message to get lost if no other Sieve action
+ is applied that delivers the message somewhere else.
+ - redirect: v2.3.16 regression: With certain Sieve scripts if redirect
+ fails due to temporary failure, the lmtp process may crash after the
+ delivery. Fixes:
+ Panic: file mail-user.c: line 229 (mail_user_deinit):
+ assertion failed: ((*user)->refcount == 1).
+
+v0.5.16 2021-08-06 Timo Sirainen <timo.sirainen@open-xchange.com>
+
+ * .dovecot.sieve.log file now includes year in the header.
+ * Change Sieve script result execution to delay definitive action
+ execution to the end of a successful Sieve script execution session.
+ This is part of an effort to solve problems with the Sieve duplicate
+ test. As a side-effect, some rare temporary-error cases yield
+ different results, in which partial failure is more likely.
+
+v0.5.15 2021-06-21 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2020-28200: Sieve interpreter is not protected against abusive
+ scripts that claim excessive resource usage. Fixed by limiting the
+ user CPU time per single script execution and cumulatively over
+ several script runs within a configurable timeout period. Sufficiently
+ large CPU time usage is summed in the Sieve script binary and execution
+ is blocked when the sum exceeds the limit within that time. The block
+ is lifted when the script is updated after the resource usage times out.
+ * Disconnection log messages are now more standardized across services.
+ They also always now start with "Disconnected" prefix.
+ - managesieve: Commands pipelined together with and just after the
+ authenticate command cause these commands to be executed twice.
+
+v0.5.14 2021-03-04 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as
+ script name argument.
+
+v0.5.13 2021-01-04 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - duplicate: The test was handled badly in a multiscript (sieve_before,
+ sieve_after) scenario in which an earlier script in the sequence with
+ a duplicate test succeeded, while a later script caused a runtime
+ failure. In that case, the message is recorded for duplicate tracking,
+ while the message may not actually have been delivered in the end.
+ - editheader: Sieve interpreter entered infinite loop at startup when
+ the "editheader" configuration listed an invalid header name. This
+ problem can only be triggered by the administrator.
+ - relational: The Sieve relational extension can cause a segfault at
+ compile time. This is triggered by invalid script syntax. The segfault
+ happens when this match type is the last argument of the test command.
+ This situation is not possible in a valid script; positional arguments
+ are normally present after that, which would prevent the segfault.
+ - sieve: For some Sieve commands the provided mailbox name is not
+ properly checked for UTF-8 validity, which can cause assert crashes at
+ runtime when an invalid mailbox name is encountered. This can be
+ caused by the user by writing a bad Sieve script involving the
+ affected commands ("mailboxexists", "specialuse_exists").
+ This can be triggered by the remote sender only when the user has
+ written a Sieve script that passes message content to one of the
+ affected commands.
+ - sieve: Large sequences of 8-bit octets passed to certain Sieve
+ commands that create or modify message headers that allow UTF-8 text
+ (vacation, notify and addheader) can cause the delivery or IMAP
+ process (when IMAPSieve is used) to enter a memory-consuming
+ semi-infinite loop that ends when the process exceeds its memory
+ limits. Logged in users can cause these hangs only for their own
+ processes.
+
+v0.5.11 2020-08-12 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * managesieve: managesieve_max_line_length setting is now a "size" type
+ instead of just number of bytes. This allows using e.g. "64k" as the
+ value.
+ - lib-sieve: When folding white space is used in the Message-ID header,
+ it is not stripped away correctly before the message ID value is used,
+ causing e.g. garbled log lines at delivery.
+
+v0.5.10 2020-03-06 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * imap_sieve_filter: Change result action logging to include IMAP UID
+ - vacation: Addresses were compared case-sensitively.
+
+v0.5.9 2019-12-04 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ + Added events for Sieve and ManageSieve, see
+ https://doc.dovecot.org/admin_manual/list_of_events/#pigeonhole
+ + Pigeonhole: Implement the Sieve "special-use" extension described in
+ RFC 8579.
+ - duplicate: Test only compared the handles which would cause
+ different values to be cached as the same duplicate test. Fix to also
+ compare the actual hashes.
+ - imap_sieve_filter: IMAP FILTER Command had various bugs in error
+ handling. Errors may have been duplicated for each email, errors
+ may have been missing entirely, command tag and ERRORS/WARNINGS
+ parameters were swapped.
+
+v0.5.8 2019-10-08 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - Sieve may leak resources in rare cases when a redirect, vacation or
+ report action fails to send the message. This mainly applies when
+ Sieve is executed in IMAP context; i.e., for the IMAPSIEVE or
+ FILTER=SIEVE capabilities.
+
+v0.5.7.1 2019-07-23 Timo Sirainen <timo.sirainen@open-xchange.com>
+
+ - dsync: Sieve script syncing failed if mailbox attributes weren't
+ enabled.
+
+v0.5.7 2019-07-12 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ + vacation: Made the subject for the automatic response message produced
+ by the Sieve vacation action configurable. Both the default subject
+ (if the script defines none) and the subject template (e.g. used to
+ add a subject prefix) can be configured.
+ - dsync: dsync-replication does not synchronize Sieve scripts.
+ - imap_sieve_filter: Reduce FILTER=SIEVE verbosity over IMAP connection.
+ - testsuite: Pigeonhole testsuite segfaulted if it was compiled with
+ GCC 9
+
+v0.5.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ + sieve: Redirect loop prevention is sometimes ineffective. Improve
+ existing loop detection by also recognizing the
+ X-Sieve-Redirected-From header in incoming messages and dropping
+ redirect actions when it points to the sending account. This header
+ is already added by the redirect action, so this improvement only
+ adds an additional use of this header.
+ - sieve: Prevent execution of implicit keep upon temporary failure
+ occurring at runtime.
+
+v0.5.5 2019-03-05 Stephan Bosch <stephan@rename-it.nl>
+
+ + IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which
+ causes messages discarded by an IMAPSieve script to be expunged
+ immediately, rather than only being marked as "\Deleted" (which is
+ still the default behavior).
+ - IMAPSieve: Fix panic crash occurring when a COPY command copies
+ messages from a virtual mailbox where the source messages originate
+ from more than a single real mailbox.
+ - imap4flags extension: Fix deleting all keywords. When the action
+ resulted in all keywords being removed, no changes were actually
+ applied.
+ - variables extension: Fix truncation of UTF-8 variable content. The
+ maximum size of Sieve variables was enforced by truncating the
+ variable string content bluntly at the limit, but this does not
+ consider UTF-8 code point boundaries. This resulted in broken UTF-8
+ strings. This problem also surfaced for variable modifiers, such as
+ the ":encodeurl" modifier provided by the Sieve "enotify" extension.
+ In that case, the resulting URI escaping could also be truncated
+ inappropriately.
+ - IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message. Sieve
+ scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that
+ modify the message, stored the message a second time, rather than
+ replacing the originally stored unmodified message.
+ - Fix segmentation fault occurring when both the sieve_extprograms
+ plugin (for the Sieve interpreter) and the imap_filter_sieve plugin
+ (for IMAP) are loaded at the same time. A symbol was defined by both
+ plugins, causing a clash when both were loaded.
+
+v0.5.4 2018-11-23 Stephan Bosch <stephan@rename-it.nl>
+
+ * Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole
+ release dependent on that Dovecot release; it will not compile against
+ older Dovecot versions. And, conversely, you need to upgrade
+ Pigeonhole when upgrading Dovecot to v2.3.4.
+ * The changes regarding the default postmaster_address in Dovecot v2.3.4
+ mainly apply to Pigeonhole. The new default should work for all
+ existing installations, thereby fixing several reported v2.3/v0.5
+ migration problems.
+ - IMAP FILTER=SIEVE capability: Fix assert crash occurring when running
+ UID FILTER on a Sieve script with errors.
+
+v0.5.3 2018-10-01 Stephan Bosch <stephan@rename-it.nl>
+
+ - Fix assertion panic occurring when managesieve service fails to open
+ INBOX while saving a Sieve script. This was caused by a lack of
+ cleanup after failure.
+ - Fix specific messages causing an assert panic with actions that
+ compose a reply (e.g. vacation). With some rather weird input from the
+ original message, the header folding algorithm (as used for composing
+ the References header for the reply) got confused, causing the panic.
+ - IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing.
+ After finishing reading the Sieve script, the command parsing
+ sometimes didn't continue with the search arguments. This is a time-
+ critical bug that likely only occurs when the Sieve script is sent in
+ the next TCP frame.
+
+v0.5.2 2018-06-29 Stephan Bosch <stephan@rename-it.nl>
+
+ + Implement plugin for the a vendor-defined IMAP capability called
+ "FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering
+ in IMAP. More information can be found in
+ doc/plugins/imap_filter_sieve.txt.
+ - The Sieve addess test caused an assertion panic for invalid addresses
+ with UTF-8 codepoints in the localpart. Fixed by properly detecting
+ invalid addresses with UTF-8 codepoints in the localpart and skipping
+ these like other invalid addresses while iterating addresses for the
+ address test.
+ - Make the length of the subject header for the vacation response
+ configurable and enforce the limit in UTF-8 codepoints rather than
+ bytes. The subject header for a vacation response was statically
+ truncated to 256 bytes, which is too limited for multi-byte UTF-8
+ characters.
+ - Sieve editheader extension: Fix assertion panic occurring when it is
+ used to manipulate a message header with a very large header field.
+ - Properly abort execution of the sieve_discard script upon error.
+ Before, the LDA Sieve plugin attempted to execute the sieve_discard
+ script when an error occurs. This can lead to the message being lost.
+ - Fix the interaction between quota and the sieve_discard script. When
+ quota was used together with a sieve_discard script, the message
+ delivery did not bounce when the quota was exceeded.
+
+v0.5.1 28-03-2018 Stephan Bosch <stephan@rename-it.nl>
+
+ - Explicitly disallow UTF-8 in localpart in addresses parsed from Sieve
+ script.
+ - editheader extension: Corrected the stream position calculations
+ performed while making the modified message available as a stream.
+ Pigeonhole Sieve crashed in LMTP with an assertion panic when the
+ Sieve editheader extension was used before the message was redirected.
+ Experiments indicate that the problem occurred only with LMTP and that
+ LDA is not affected.
+ - fileinto extension: Fix assert panic occurring when fileinto is used
+ without being listed in the require line, while the copy extension is
+ listed there. This is a very old bug.
+ - imapsieve plugin: Do not assert crash or log an error for messages
+ that disappear concurrently while applying Sieve scripts. This event
+ is now logged as a debug message.
+ - Sieve extprograms plugin: Large output from "execute" command crashed
+ delivery. Fixed buffering issue in code that handles output from the
+ external program.
+
+v0.5.0.1 05-01-2018 Stephan Bosch <stephan@rename-it.nl>
+
+ - imap4flags extension: Fix binary corruption occurring when
+ setflag/addflag/removeflag flag-list is a variable.
+ - sieve-extprograms plugin: Fix segfault occurring when used in
+ IMAPSieve context.
+
+v0.5.0 24-12-2017 Stephan Bosch <stephan@rename-it.nl>
+
+ * editheader extension: The implementation of header modifications is
+ heavily updated. Although the functionality has not changed, the
+ underlying code was updated to address several static analysis
+ warnings, runtime integer arithmetic warnings (Clang), and to match
+ updates in the Dovecot stream API.
+ + variables extension: Made the maximum scope and variable size
+ configurable.
+ + subaddress: Support multiple recipient_delimiters.
+ - enotify extension: mailto method: Fixed parsing of mailto URI with
+ only a header part.
+ - enotify plugin: mailto method: Make sure the "From:" header is set to
+ a usable address and not "(null)".
+ - Fixed writing address headers to outgoing messages. Sometimes headers
+ were MIME-encoded twice, yielding invalid results.
+
+v0.4.23 20-03-2018 Stephan Bosch <stephan@rename-it.nl>
+
+ - editheader extension: Corrected the stream position calculations
+ performed while making the modified message available as a stream.
+ Pigeonhole Sieve crashed in LMTP with an assertion panic when the
+ Sieve editheader extension was used before the message was redirected.
+ Experiments indicate that the problem occurred only with LMTP and that
+ LDA is not affected.
+ - fileinto extension: Fix assert panic occurring when fileinto is used
+ without being listed in the require line, while the copy extension is
+ listed there. This is a very old bug.
+ - imapsieve plugin: Do not log an error for messages that disappear
+ concurrently while applying Sieve scripts. This is a further
+ improvement on the imapsieve fix in the previous release (which fixed
+ a panic). This event is now logged as a debug message.
+
+v0.4.22 01-03-2018 Stephan Bosch <stephan@rename-it.nl>
+
+ - Fixed filesystem path handling problem: sieve plugin could have
+ assert-crashed with specific path lengths with: "Panic: file
+ realpath.c: line 86 (path_normalize): assertion failed: (npath_pos +
+ 1 < npath + asize)".
+ - Sieve extprograms plugin: Large output from "execute" command crashed
+ delivery. Fixed buffering issue in code that handles output from the
+ external program.
+ - editheader extension: Extensively reworked the low-level
+ implementation of adding and removing headers. This solves a few
+ integer arithmetic problems reported by Clang runtime checks, but also
+ improves code structure and reliability in general.
+ - imapsieve: Fix assert crash occurring when selected messages are
+ expunged concurrently by the time Sieve filter is to be applied.
+ - imap4flags extension: Fix binary byte-code corruption occurring when
+ the setflag, addflag, or removeflag command's flag-list is a variable.
+ - enotify extension: mailto method: Fixed parsing of mailto URI with
+ only a header part.
+ - enotify extension: mailto method: Make sure "From:" header is set to a
+ usable address and not "(null)".
+ - Fixed writing address headers to outgoing messages. It sometimes
+ erroneously applied another layer of MIME header encoding.
+
+v0.4.21 12-10-2017 Stephan Bosch <stephan@rename-it.nl>
+
+ * redirect action: Always set the X-Sieve-Redirected-From header to
+ sieve_user_email if configured. Before, it would use the envelope recipient
+ instead if available, which makes no sense if the primary e-mail address is
+ available.
+ + vacation extension: Allow ignoring the envelope sender while composing the
+ "To:" header for the reply. Normally, the "To:" header is composed from
+ the address found in the "Sender", "Resent-From" or "From" headers that is
+ equal to the envelope sender. If none is then found, the bare envelope
+ sender is used. This change adds a new setting
+ "sieve_vacation_to_header_ignore_envelope". With this setting enabled, the
+ "To:" header is always composed from those headers in the source message.
+ The new setting thus allows ignoring the envelope, which is useful e.g.
+ when SRS is used.
+ + vacation extension: Compose the "To:" header from the full sender address
+ found in the first "Sender:", "From:" or "Resent-From:" header. Before, it
+ would create a "To:" header without a phrase part. The new behavior is
+ nicer, since the reply will be addressed to the sender by name if possible.
+ - LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A
+ missing LDAP-based script could cause the script sequence to exit earlier.
+ - sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name
+ conversion. This caused problems with mailbox names containing UTF-8
+ characters. The Dovecot API was changed years ago, but apparently
+ sieve-filter was never updated.
+
+v0.4.20 27-08-2017 Stephan Bosch <stephan@rename-it.nl>
+
+ + Made the retention period for redirect duplicate identifiers configurable.
+ For accounts that perform many redirects, the lda-dupes database could grow
+ to impractical sizes. Changed the default retention period from 24 to 12
+ hours.
+ - sieve-filter: Fixed memory leak: forgot to clean up script binary at end of
+ execution. Normally, this would merely be an inconsequential memory leak.
+ However, when the script comes from an LDAP storage, this would cause io
+ leak warnings.
+ - managesieve-login: Fixed handling of AUTHENTICATE command. A second
+ authenticate command would be parsed wrong. This problem was caused by
+ changes in the previous release.
+ - LDA Sieve plugin: Fixed minor memory leak caused by not cleaning up the
+ sieve_discard script.
+
+v0.4.19 26-06-2017 Stephan Bosch <stephan@rename-it.nl>
+
+ * This release adjusts Pigeonhole to several changes in the Dovecot API,
+ making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole will
+ produce compile warnings with the recent Dovecot releases (but still work
+ ok).
+ - Fixed bug in handling of implicit keep in some cases. Implicit side-effects,
+ such as assigned flags, were not always applied correctly. This is in
+ essence a very old bug, but it was exposed by recent changes.
+ - include extension: Fixed segfault that (sometimes) occurred when the global
+ script location was left unconfigured.
+
+v0.4.18 12-04-2017 Stephan Bosch <stephan@rename-it.nl>
+
+ + imapsieve plugin: Implemented the copy_source_after rule action. When this
+ is enabled for a mailbox rule, the specified Sieve script is executed for
+ the message in the source mailbox during a "COPY" event. This happens only
+ after the Sieve script that is executed for the corresponding message in the
+ destination mailbox finishes running successfully.
+ + imapsieve plugin: Added non-standard Sieve environment items for the source
+ and destination mailbox.
+ - multiscript: The execution of the discard script had an implicit "keep",
+ rather than an implicit "discard".
+
+v0.4.17 26-02-2017 Stephan Bosch <stephan@rename-it.nl>
+
+ - LDA Sieve plugin: Fixed handling of an early explicit keep during
+ multiscript execution. Action side-effects and the message snapshot would be
+ lost at the final stage where the implicit keep is evaluated. This could
+ result in the IMAP flags assigned to the message to be forgotten or that
+ headers modified by the "editheader" extension would revert to their
+ original state.
+ - file script storage: Amended the up-to-date time stamp comparison for
+ on-disk binaries to include nanoseconds. This will fix problems occurring
+ when both binary and script are saved within the same second. This fix is
+ ineffective on older systems that have no support for nanoseconds in stat()
+ timestamps, which should be pretty rare nowadays.
+ - file script storage: Improve saving and listing permission error to include
+ more details.
+ - imapsieve plugin: Make sure "INBOX" is upper case in static mailbox rules.
+ Otherwise, the mailbox name would never match, since matching is performed
+ case-sensitively and Dovecot only returns the upper-cased "INBOX".
+ - imapsieve plugin: Fixed assert failure occurring when used with virtual
+ mailboxes.
+ - doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's
+ string value.
+
+v0.4.16 30-10-2016 Stephan Bosch <stephan@rename-it.nl>
+
+ * Part of the Sieve extprograms implementation was moved to Dovecot, which
+ means that this release depends on Dovecot v2.2.26+.
+ * ManageSieve: The PUTSCRIPT command now allows uploading empty Sieve scripts.
+ There was really no good reason to disallow doing that.
+ + Sieve vnd.dovecot.report extension:
+ + Added a Dovecot-Reporting-User field to the report body, which contains
+ the e-mail address of the user sending the report.
+ + Added support for configuring the "From:" address used in the report.
+ + LDA sieve plugin: Implemented support for a "discard script" that is run
+ when the message is going to be discarded. This allows doing something other
+ than throwing the message away for good.
+ + Sieve vnd.dovecot.environment extension: Added vnd.dovecot.config.*
+ environment items. These environment items map to sieve_env_* settings from
+ the plugin {} section in the configuration. Such values can of course also
+ be returned from userdb.
+ + Sieve vacation extension: Use the Microsoft X-Auto-Response-Suppress header
+ to prevent unwanted responses from and to (older) Microsoft products.
+ + ManageSieve: Added rawlog_dir setting to store ManageSieve traffic logs.
+ This replaces at least partially the rawlog plugin (mimics similar IMAP/POP3
+ change).
+ - doveadm sieve plugin: synchronization: Prevent setting file timestamps to
+ unix epoch time. This occurred when Dovecot passed the timestamp as
+ 'unknown' during synchronization.
+ - Sieve exprograms plugin: Fixed spurious '+' sometimes returned at the end
+ of socket-based program output.
+ - imapsieve plugin: Fixed crash occurring in specific situations.
+ - Performed various fixes based on static analysis and Clang warnings.
+
+v0.4.15 07-07-2016 Stephan Bosch <stephan@rename-it.nl>
+
+ * vacation extension: The sieve_user_email setting is now used in the check
+ for implicit delivery.
+ - imapsieve plugin: For any mail transaction, the mailbox was opened a second
+ time, even if no mailbox rule matched. This was unintentional, useless and
+ caused problems when the imapsieve plugin was used with other plugins like
+ acl.
+ - extprograms plugin: Significantly improved error handling. No stream errors
+ were logged.
+ - extprograms plugin: Fixed bug in handling of result code from remote program
+ (script service).
+ - extprograms plugin: Connection to remote program service was not retried.
+ - Several small fixes based on static analysis.
+ - Fixed handling of quoted string localparts in email addresses.
+
+v0.4.14 26-04-2016 Stephan Bosch <stephan@rename-it.nl>
+
+ * The address test now allows specifying the X-Original-To header.
+ + Implemented the Sieve imapsieve extension and its IMAP counterpart
+ (RFC 6785) as a set of plugins. This allows running Sieve scripts at IMAP
+ activity, rather than at delivery. There are also facilities for the
+ familiar sieve_before/sieve_after administrator scripts. A user script is
+ defined for a mailbox using an IMAP METADATA entry, whereas administrator
+ scripts are configured using mailbox matching rules defined in the plugin
+ settings.
+ + Adjusted the Sieve ihave extension to allow capability tests to be performed
+ at runtime. This way, scripts can be written that work both at delivery and
+ from IMAP.
+ + Implemented support for runtime trace debugging. This means that detailed
+ information about which commands, actions and tests are performed is written
+ to a file. That file is created in the configured directory, but only if
+ that directory exists. This way, a particular user can be easily singled out
+ for debugging. This works much like the Dovecot rawlog facility. The trace
+ output is identical to what is produced using sieve-test with its "-t"
+ command line option.
+ + Added a "sieve_user_email" setting that configures the user's primary email
+ address. This is mainly useful to have a user email address available in
+ IMAP, where envelope data is unavailable.
+ + Implemented the dovecot-specific "vnd.dovecot.report" extension. This allows
+ sending report messages in the Message Abuse Reporting Format (RFC 5965).
+ - extprograms plugin: Fixed epoll() panic caused by closing the output FD
+ before the output stream.
+ - Made sure that the local part of a mail address is encoded properly using
+ quoted string syntax when it is not a dot-atom.
+
+v0.4.13 18-03-2016 Stephan Bosch <stephan@rename-it.nl>
+
+ * redirect action: Added the list-id header to the duplicate ID for mail loop
+ prevention. This means that the message sent directly to the user and the
+ message coming through the mailing list itself are treated as different
+ messages by the loop detection of the redirect command, even though their
+ Message-ID may be identical.
+ * Changed the Sieve number type to uint64_t, which means that Sieve numbers
+ can now technically range up to 2^64. Some other Sieve implementation
+ allowed this, making this change necessary for successful migration.
+ + Implemented the sieve_implicit_extensions setting. The extensions listed in
+ this setting do not need to be enabled explicitly using the Sieve "require"
+ command. This behavior directly violates the standard, but can be necessary
+ for compatibility with some existing implementations of Sieve. Do not use
+ this setting unless you really need to!
+ - redirect action: Made mail loop detection more robust by forcibly adding a
+ Message-ID header if it is missing.
+ - Prevent logging a useless "script not found" error message for LDAP scripts
+ for which the entry exists but no attribute containing a script. This is not
+ necessarily an error.
+ - extprograms plugin: Changed the communication channel between parent and
+ child process for a directly forked program from a socketpair to a double
+ pipe. Linux does not support /dev/stdin, /dev/stdout and friends for
+ sockets. For some shell program authors this may be confusing, so that is
+ why it is changed. When using the script service, these device nodes are
+ still not usable though.
+
+v0.4.12 06-02-2016 Stephan Bosch <stephan@rename-it.nl>
+
+ + Implemented the Sieve extracttext extension (RFC 5703; Section 7). It is now
+ possible to extract body text from a message into a variable.
+ * Increased ABI version due to changes in the Sieve interpreter's object
+ definitions.
+ - multiscript: Fixed bug in handling of (implicit) keep; final keep action was
+ always executed as though there was a failure. This caused the keep action
+ to revert back to the initial message, causing editheader actions to be
+ ignored.
+ - managesieve-login: Fixed proxy to allow SASL mechanisms other than PLAIN.
+ Before, the proxy would fail if the server did not support the PLAIN
+ mechanism.
+ - ldap storage: Prevent segfault occurring when assigning certain (global)
+ configuration options.
+
+v0.4.11 08-01-2016 Stephan Bosch <stephan@rename-it.nl>
+
+ - Sieve mime extension: Fixed the header :mime :anychild test to work properly
+ outside a foreverypart loop.
+ - Several fixes in message body part handling:
+ - Fixed assert failure occurring when text extraction is attempted on a
+ empty or broken text part.
+ - Fixed assert failure in handling of body parts that are converted to text.
+ - Fixed header unfolding for (mime) headers parsed from any mime part.
+ - Fixed trimming for (mime) headers parsed from any mime part.
+ - Fixed erroneous changes to the message part tree structure performed when
+ re-parsing the message.
+ - LDA Sieve plugin: Fixed logging of actions; sometimes the configured log
+ format was not followed.
+ - LDA Sieve plugin: Fixed bug in error handling of script storage
+ initialization.
+ - Sieve Extprograms plugin: Ignored ENOTCONN error in shutdown(fd, SHUT_WR)
+ call.
+ - Fixed duplication of discard actions in the script result. Each discard was
+ counted as a separate action, which means that action limit would be crossed
+ too early.
+ - Made sure that quota errors never get logged as errors in syslog.
+ - Fixed handling of implicit keep for a partially executed transaction that
+ yielded a temporary failure.
+ - Fixed handling of global errors. If master and user error handler were
+ identical, in some cases the log message could be lost.
+ - Fixed AIX compile issue in message body parser.
+
+v0.4.10 13-12-2015 Stephan Bosch <stephan@rename-it.nl>
+
+ + Implemented the Sieve mime and foreverypart extensions (RFC 5703). These
+ are fully implemented. The interaction with the editheader extension needs
+ some work, but this should not influence most uses; i.e., changes by the
+ editheader extension are not always visible using foreverypart/mime.
+ + Sieve body extension: Properly implemented the `:text' body transform. It
+ now extracts text for HTML message parts.
+ + Sieve enotify extension: mailto method: Implemented the
+ sieve_notify_mailto_envelope_from setting. This allows configuring the
+ source of the notification sender address for e-mail notifications. This is
+ similar to what already can be configured for redirect.
+ + Added a sieve_enabled (defaults to 'yes') setting that allows explicitly
+ disabling Sieve processing for particular users. This used to be possible by
+ setting `sieve=', but ever since the sieve_before, sieve_after and
+ sieve_default settings were added, this method was not reliable anymore.
+ - variables extension: Fixed handling of empty string by the `:length' set
+ modifier. An empty string yielded an empty string rather than "0".
+ - Fixed memory leak in the Sieve script byte code dumping facility. Extension
+ contexts were never actually freed.
+ - Fixed handling of implicit keep when the last Sieve script is a global one.
+ In that case the implicit keep action was executed in global context, which
+ could mean that trivial (quota) errors ended up in the system log file,
+ rather than the user log file.
+ - doveadm sieve plugin: Fixed crashes caused by incorrect context allocation
+ in the sieve command implementations.
+
+v0.4.9 04-10-2015 Stephan Bosch <stephan@rename-it.nl>
+
+ * Properly implemented checking of ABI version for Sieve interpreter plugins,
+ much like Dovecot itself does for plugins. This will prevent plugin ABI
+ mismatches.
+ + Implemented a vnd.dovecot.environment extension. This builds upon the
+ standard environment extension and adds a few more environment items, such
+ as username and default mailbox. It also creates a variables namespace so
+ that environment items can be accessed directly. I am still thinking about
+ more environment items that can be added.
+ + Sieve extprograms plugin: Made line endings of the input passed to the
+ external programs configurable. This can be configured separately for each
+ of the three extensions.
+ + ManageSieve: Implemented proxy XCLIENT support. This allows the proxy to
+ pass client information to the back-end.
+ - ManageSieve: Fixed an assert failure occurring when a client disconnects
+ during the GETSCRIPT command.
+ - doveadm sieve plugin: Fixed incorrect initialization of mail user. This
+ caused a few memory leaks.
+ - sieve-filter command line tool: Fixed handling of failure-related implicit
+ keep when there is an explicit default destination folder. This caused
+ message duplication.
+ - lib-sieve: Fixed bug in RFC5322 header folding. Words longer than the
+ optimal line length caused empty lines in the output, which would break the
+ resulting message header. This surfaced in References: headers with very
+ long message IDs.
+
+v0.4.8 15-05-2015 Stephan Bosch <stephan@rename-it.nl>
+
+ * LDA Sieve plugin: Dovecot changed the deliver_log_format setting to include
+ %{delivery_time}. This prompted changes in Pigeonhole that make this release
+ dependent on Dovecot v2.2.17.
+ + Implemented magic to make sieve_default script visible from ManageSieve
+ under a configurable name. This way, users can see the default rules, edit
+ them and store a private adjusted version. This could also be achieved by
+ copying the default script into the user's script storage, but updates to
+ the global sieve_default script would be ignored that way.
+ + ManageSieve: Implemented support for reporting command statistics at
+ disconnect. Statistics include the number of bytes and scripts uploaded/
+ downloaded/checked and the number of scripts deleted/renamed.
+ - Fixed problem in address test: erroneously decoded mime-encoded words in
+ address headers.
+ - extprograms plugin: Fixed failure occurring when connecting to script
+ service without the need to read back the output from the external program.
+ - Fixed bug in script storage path normalization occurring with relative
+ symbolic links below root.
+ - Fixed and updated various parts of the documentation
+ - ManageSieve: Used "managesieve" rather than "sieve" as login service name,
+ which means that all managesieve-specific settings where ignored.
+ - Managesieve: Storage quota was not always enforced properly for scripts
+ uploaded as quoted string. Nobody uses that, but it is allowed in the
+ specification and we support it, so it should work properly.
+
+v0.4.7 19-03-2015 Stephan Bosch <stephan@rename-it.nl>
+
+ * editheader extension: Made protection against addition and deletion of
+ headers configurable separately. Also, the `Received' and `Auto-Submitted'
+ headers are no longer protected against addition by default.
+ * Turned message envelope address parse errors into warnings.
+ * The interpreter now accepts non-standard domain names, e.g. containing '_'.
+ + Implemented the Sieve index extension (RFC 5260).
+ + Implemented support for the mboxmetadata and servermetadata extensions
+ (RFC 5490).
+ + Implemented new sieve commands for the doveadm command line utility. These
+ commands are currently limited to ManageSieve operations, but the other
+ current sieve tools will be migrated to doveadm in the near future as well.
+ + Added more debug output about binary up-to-date checking.
+ + Added script metadata to binary dump output.
+ - Fixed Sieve script binary up-to-date checking by normalizing the script
+ location.
+ - The Sieve interpreter now flushes the duplicate database during start phase
+ of result execution rather than commit phase. This makes sure locks on the
+ duplicate database are released as soon as possible, preventing contention.
+ - Performed a few optimizations in the lexical scanner of the language.
+ - Fixed bug in `:matches' match-type that made a pattern without
+ wildcards match as if there were a '*' at the beginning.
+ - Fixed crash in validation of the string parameter of the comparator tag.
+ - extprograms extension: Made sure supplemental group privileges are also
+ dropped. This was a problem reported by Debian lintian.
+ - Fixed bug in handling of binary errors for action side-effects and message
+ overrides.
+ - file script storage: Restructured storage initialization to address
+ backwards compatibility issues.
+ - dict script storage: Fixed small memory allocation bug.
+
+v0.4.6 02-11-2014 Stephan Bosch <stephan@rename-it.nl>
+
+ - After make distclean the distributed tarball would fail to recompile.
+ This causes problems for some distribution builds.
+
+v0.4.5 30-10-2014 Stephan Bosch <stephan@rename-it.nl>
+
+ + Added a Pigeonhole version banner to doveconf output. This way, future
+ bug reports will also include Pigeonhole version information.
+ - Fixed handling of implicit keep. Last version erroneously reported that
+ implicit keep succeeded after an earlier failure, while it in fact had
+ failed. Particularly occurred for mailbox quota errors.
+ - Fixed segfault occurring on SunOS systems when there is no active script.
+
+v0.4.4 28-10-2014 Stephan Bosch <stephan@rename-it.nl>
+
+ * Added support for Japanese mail addresses with dots at non-standard places
+ in localpart.
+ * Changed handling of ENOSPACE into a normal temporary failure and added
+ handling of ENOQUOTA as a user error.
+ * Restructured result execution, so that all actions which involve mail
+ storage are always committed before all others.
+ + Implemented support for generic Sieve storages. Using alternative storages
+ now also possible for sieve_before/sieve_after.
+ + Implemented storage driver for retrieving Sieve scripts from LDAP. This
+ currently cannot be used with ManageSieve.
+ + Implemented sieve_redirect_envelope_from setting, which allows configuring
+ the envelope sender of redirected messages.
+ - Fixed handling of mail storage errors occurring while evaluating the input
+ message.
+ - managesieve-login:
+ - Removed bogus ALERT response code returned for AUTHENTICATE command.
+ - Fixed handling of invalid initial response argument to AUTHENTICATE
+ command.
+ - Fixed handling of stream errors in lexical scanner.
+ - Fixed handling of SMTP errors. Permanent and temporary errors were mixed up.
+ - Fixed several problems reported by CLang 3.4.
+ - duplicate extension: Fixed erroneous compile error about conflicting tags
+ when `:handle' argument was used last.
+ - relational extension: Fixed error handling of `:value' match.
+ - editheader extension: Fixed header unfolding and header iteration.
+ - mailbox extension: Fixed the `:create' tag, which erroneously subscribed an
+ existing folder.
+ - extprograms plugin: Fixed handling of error codes.
+ - doveadm-sieve plugin: Fixed several bugs. Synchronization of symbolic link
+ in the file storage should now also work properly.
+
+v0.4.3 12-05-2014 Stephan Bosch <stephan@rename-it.nl>
+
+ * Editheader extension: Made control characters allowed for editheader, except
+ NUL. Before, this would cause a runtime error.
+ + Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to match
+ the new draft "duplicate" extension.
+ - Fixed sieve_result_global_log_error to log only as i_info in administrator
+ log (syslog) if executed from multiscript context.
+ - Sieve redirect extension: Adjusted loop detection to show leniency to resent
+ messages.
+ - Sieve include extension: Fixed problem with handling of duplicate includes
+ with different parameters :once or :optional.
+ - Sieve spamtest/virustest extensions: Tests were erroneously performed
+ against the original message. When used together with extprograms filter to
+ add the spam headers, the changes were not being used by the spamtest and
+ virustest extensions.
+ - Deprecated Sieve notify extension: Fixed segfault problems in message string
+ substitution.
+ - ManageSieve: Fixed active link verification to handle redundant path slashes
+ correctly.
+ - Sieve vacation extension:
+ - Fixed interaction of sieve_vacation_dont_check_recipient with
+ sieve_vacation_send_from_recipient setting.
+ - Fixed log message for discarded response.
+ - Sieve extprograms plugin:
+ - Forgot to disable the alarm() timeouts set for script execution.
+ - Fixed fd leak and handling of output shutdown.
+ - Fixed 'Bad filedescriptor' error occurring when disconnecting script
+ client.
+ - Made sure that programs are never forked with root privileges.
+
+v0.4.2 26-09-2013 Stephan Bosch <stephan@rename-it.nl>
+
+ * Incompatible change in Sieve doveadm plugin: the root attribute for
+ Sieve scripts is changed. Make sure that you update both sides of a dsync
+ setup simultaneously when Sieve is involved, otherwise synchronization will
+ likely fail.
+ + Added support for sending Sieve vacation replies with an actual sender,
+ rather than the default <> sender. Check the updated
+ doc/extensions/vacation.txt for more information.
+ - Fixed a binary code read problem in the `set' command of the Sieve variables
+ extension. Using the set command with a modifier and an empty string value
+ would cause code corruption problems while running the script.
+ - Various fixes for doveadm-sieve plugin, mostly crashes. These include a fix
+ for the `Invalid value for default sieve attribute' problem.
+ - Various fixes for compiler and static analyzer warnings, e.g. as reported
+ by CLang and on 32 bit systems.
+ - Fixed the implementation of the new :options flag for the Sieve include
+ extension.
+ - Fixed potential segfault bug at deinitialization of the lda-sieve plugin.
+ - Fixed messed up hex output for sieve-dump tool.
+
+v0.4.1 03-06-2013 Stephan Bosch <stephan@rename-it.nl>
+
+ + Added support for handling temporary failures. These are passed back to
+ LDA/LTMP to produce an appropriate response towards the MTA.
+ - Sieve storage: Removed PATH_MAX limitation for active symlink. This caused
+ problems for GNU/Hurd.
+ - Fixed line endings in X-Sieve headers added by redirect command.
+ - ManageSieve: Fixed '[' ']' stupidity for response codes (only happened
+ before login).
+ - Fixed setting name in example-config/conf.d/20-managesieve.conf.
+ - Sieve extprograms plugin: Fixed interaction between pipe command and remote
+ script service. The output from the script service was never read, causing a
+ broken pipe error at the script service. Apparently, this was broken since
+ the I/O handling for extprograms was last revised.
+ - Fixed assertion failure due to datastack problem in message header
+ composition.
+
+v0.4.0 09-05-2013 Stephan Bosch <stephan@rename-it.nl>
+
+ + Added doveadm-sieve plugin that provides the possibility to synch Sieve
+ scripts using doveadm sync along with the user's mailboxes.
+ + Added the Sieve extprograms plugin to the main Pigeonhole package. It is
+ still a plugin, but it is now included so that a separate compile is no
+ longer necessary and distributors are likely to include it. The extprograms
+ plugin provides Sieve language extensions that allows executing
+ (administrator-controlled) external programs for message delivery,
+ message filtering and string manipulation. Refer to
+ doc/plugins/sieve_extprograms.txt for more information.
+ + Added debug message showing Pigeonhole version at initialization. Makes it
+ very clear that the plugin is properly loaded.
+ + Finished implementation of the Sieve include extension. It should now
+ fully conform to RFC 6609. The main addition is the new :optional tag which
+ makes the include command ignore missing included scripts without an error.
+ + Finished implementation of the Sieve environment extension as much as
+ possible. Environment items "location", "phase" and "domain" now also
+ return a usable value.
+
+v0.3.6 26-09-2013 Stephan Bosch <stephan@rename-it.nl>
+
+ - Fixed a binary code read problem in the `set' command of the Sieve variables
+ extension. Using the set command with a modifier and an empty string value
+ would cause code corruption problems while running the script.
+ - Various fixes for compiler and static analyzer warnings, as reported
+ by CLang.
+ - ManageSieve: Fixed '[' ']' stupidity for response codes (only happened
+ before login).
+ - Fixed setting name in example-config/conf.d/20-managesieve.conf.
+ - Fixed messed up hex output for sieve-dump tool.
+
+v0.3.5 09-05-2013 Stephan Bosch <stephan@rename-it.nl>
+
+ - Sieve editheader extension: fixed interaction with the Sieve body extension.
+ If used together, the deleteheader action could fail after a body test was
+ performed.
+ - Test suite: fixed a time zone dependency in the Sieve date extension tests.
+
+v0.3.4 06-04-2013 Stephan Bosch <stephan@rename-it.nl>
+
+ * Changed error handling to be less of a nuisance for administrators. Strictly
+ user-caused errors are only reported in user log. Some errors are logged as
+ info instead.
+ * Sieve: Changed behavior of redirect in case of a duplicate message delivery
+ or a mail loop. If a duplicate is detected the implicit keep is canceled,
+ as though the redirect was successful. This prevents getting local
+ deliveries. The original SMTP recipient is used when it is available to
+ augment the entry in the LDA duplicate database. This way, duplicates are
+ only detected when (initially) addressed to the same recipient.
+ + Sieve vnd.dovecot.duplicate extension: added new features to the duplicate
+ test, making it possible to manually compose the key value for duplicate
+ checking. This extension is in the process of being standardized
+ (https://tools.ietf.org/html/draft-bosch-sieve-duplicate-01).
+ + Sieve date extension: generate warning when invalid date part is specified.
+ - Sieve editheader extension: fixed crash occurring when addheader :last was
+ used.
+ - Sieve include extension: fixed missing error cleanup that caused a resource
+ leak.
+ - Sieve vacation extension: fixed determination of From: address for when
+ sieve_vacation_dont_check_recipient is active.
+ - Sieve tools: the -D option wasn't enabled and documented for all tools.
+ - Siev dict script storage: fixed potential segfault occurring when dict
+ initialization fails.
+ - ManageSieve: fixed bug in skipping of CRLF at end of AUTHENTICATE command.
+ - ManageSieve: fixed handling of unkown commands pre-login.
+ - Fixed compile on Mageia Linux.
+
+v0.3.3 18-09-2012 Stephan Bosch <stephan@rename-it.nl>
+
+ - Fixed compile against installed Dovecot headers. This was broken by the
+ ld.gold fix in the previous release.
+
+v0.3.2 18-09-2012 Stephan Bosch <stephan@rename-it.nl>
+
+ + sieve-refilter tool: improved man page documentation by explicitly
+ specifying the syntax used for mailbox arguments.
+ + Sieve: spamtest and virustest extensions: improved trace debugging of score
+ calculation.
+ + Sieve: made error messages about exceeding the maximum number of actions
+ more verbose.
+ - Sieve tools: fixed problems with running as root: sievec and sieve-dump now
+ ignore mail_uid and mail_gid settings when run as root.
+ - Sieve: fixed bug in action accounting (for limit checking): increase action
+ instance count only when an action is actually created.
+ - Sieve: include extension: fixed namespace separation of :global and
+ :personal scripts.
+ - ManageSieve: fixed segfault bug triggered by CHECKSCRIPT command.
+ - Fixed linking with ld.gold.
+ - Fixed several Clang compile warnings and a few potential bugs.
+
+v0.3.1 25-05-2012 Stephan Bosch <stephan@rename-it.nl>
+
+ * Added support for retrieving Sieve scripts from dict lookup. This means that
+ Sieve scripts can now be downloaded from a database. Compiled script
+ binaries are still put on disk somewhere if used. The INSTALL documentation
+ is updated with information on this new feature and the
+ (backwards-compatible) changes to the configuration. Note that his feature
+ is currently not supported for sieve_before/sieve_after or script management
+ through ManageSieve.
+ + Incorporated the sieve_duplicate plugin into main Pigeonhole tree as a
+ normal extension (vnd.dovecot.duplicate). This Dovecot-specific extension
+ adds the ability to check for duplicate deliveries based on message ID.
+ Specification can be found in: doc/rfc/spec-bosch-sieve-duplicate.txt
+ + Added support for specifying multiple sieve_before and sieve_after paths.
+ This adds much more flexibility to the multiscript configuration. One
+ application is to have user-specific Sieve scripts outside the user's
+ normal control through ManageSieve.
+ + Added a "session ID" string for managesieve connections, available in
+ %{session} variable (analogous to Dovecot change).
+ - Fixed several small issues, including a few potential segfault bugs, based
+ on static source code analysis.
+ - ManageSieve: changed use of EPROTO error to EIO in ManageSieve string stream
+ implementation because it is apparently not known in BSD.
+ - Gave stamp.h.in (needed for autotools) some content to prevent it from
+ disappearing in patch files.
+ - Fixed bug that caused a SunStudio CC compile failure (reported by Piotr
+ Tarnowski).
+
+v0.3.0 16-02-2012 Stephan Bosch <stephan@rename-it.nl>
+
+ * Renamed sieve_global_path setting to sieve_default for clarity. Old name is
+ still recognized for backwards compatibility. Support for the ancient (pre
+ v1.1) name for this setting "global_script_path" is now dropped.
+ * Added means to prohibit use of redirect action. Setting sieve_max_redirects
+ to 0 now means that redirect is disallowed instead of unlimited. Default
+ value remains four.
+ * Fixed interaction of Sieve include extension with ManageSieve. It is updated
+ to match new requirements in the draft include specification. Missing
+ included scripts are no longer an error at upload time.
+ * Updated RFC2822 header field body verification to exclude non-printing
+ characters (RFC5322). Only Sieve actions that can create unstructured header
+ values (currently enotify/mailto and editheader) are affected by this
+ change.
+ + Completed sieve-filter tool to a useful state. The sieve-filter tool
+ provides a means to (re)filter messages in a mailbox through a Sieve script.
+ + Implemented the Sieve editheader extension. It is now possible to add and
+ remove message headers from within Sieve.
+ + ManageSieve: added support for reading quoted and literal strings as a
+ stream. Fixes support for handing large SASL responses (analogous to similar
+ changes in Dovecot). It is now also allowed to use a quoted string for the
+ PUTSCRIPT script argument.
+ + Added code to cleanup tmp directory in Sieve storage directory (sieve_dir)
+ every once in a while.
+ + Added support for substituting the entire message during Sieve processing.
+ This is used for the filter action provided by the new sieve_extprograms
+ plugin (provided separately for now). The filter action allows passing the
+ message through an external program.
+ + Added support for restricting certain Sieve language extensions to
+ (admin-controled) global scripts. Restricted extensions can be configured
+ using the new sieve_global_extensions setting. This is particularly useful
+ for some of the Dovecot-specific (plugin-based) Sieve extensions, that can
+ be somewhat hazardous when under direct control of users (e.g.
+ sieve_extprograms).
+
+v0.2.6 13-02-2012 Stephan Bosch <stephan@rename-it.nl>
+
+ * This release fixes unintentional behavior of the include extension. Included
+ scriptnames with a name like "name.sieve" would implicitly map to a script
+ file called "name.sieve" and not "name.sieve.sieve". Keep in mind that the
+ .sieve file extension has no meaning from within the Sieve language. A Sieve
+ script is always stored with an appended .sieve file extension, also when
+ the name already ends with a .sieve suffix.
+ IMPORTANT: Some installations have relied on this unintentional feature, so
+ check your script includes for issues before upgrading.
+ * Matched changes regarding auth_verbose setting in Dovecot. This means that
+ this release will only compile against Dovecot v2.0.18.
+ - Fixed problem in ManageSieve that caused it to omit a WARNINGS response code
+ when the uploaded script compiled with warnings.
+ - Made sure that locations of Sieve error never report `line 0'.
+ - Fixed potential segfault occurring when interpreter initialization fails.
+
+v0.2.5 19-11-2011 Stephan Bosch <stephan@rename-it.nl>
+
+ + Sieve vacation extension: made discard message for implicit delivery more
+ verbose
+ - The sieve-test tool: mixed up original and final envelope recipient in
+ implementation of command line arguments.
+ - Sieve vacation extension: resolved FIXME regarding the use of variables in
+ the :handle argument. Variables are now handled correctly.
+ - Sieve body extension: fixed handling of :content "message/rfc822". This now
+ yields the headers of the embedded message as required by the specification.
+ Handling of :content "multipart" remains to be fixed.
+ - LDA Sieve plugin: fixed problem with recipient_delimiter configuration. Now
+ falls back to global recipient_delimiter setting if
+ plugin/recipient_delimiter is not set.
+
+v0.2.4 13-09-2011 Stephan Bosch <stephan@rename-it.nl>
+
+ + Vacation extension: finally added support for using the original recipient
+ in vacation address check. It is also possible to disable the recipient
+ address check entirely. Check doc/vacation.txt for configuration
+ information.
+ + Include extension: made limits on the include depth and the total number of
+ included scripts configurable. Check doc/include.txt for configuration
+ information.
+ + Implemented ihave extension. This allows checking for the availability
+ of Sieve language extensions at 'runtime'. Actually, this is checked
+ at compile time. At runtime the interpreter checks whether extensions
+ that were not previously available are still unavailable. If the situation
+ changed, the script is re-compiled and the ihave tests are evaluated again.
+ + Sieve: optimized compilation of tests that yield constant results (i.e.
+ known at compile tme), such as 'true' and 'false'. No code is produced
+ anymore for script sections that are never executed. Also, semantics
+ are not verified anymore in uncompiled script sections.
+ + Made vnd.dovecot.debug extension available to the LDA plugin instead of
+ only the command line tools.
+ + Sieve: redirect action now adds X-Sieve-Redirected-From header (mainly for
+ people using SPF/SRS).
+ - Sieve: fixed bug in handling flags and keywords; in case of error an
+ assertion was triggered.
+ - Script storage: improved handling of unconfigured user home directory.
+ Originally this would produce an unhelpful error message.
+ - Imap4flags extension: prevent forcibly enabling imap4flags when imapflags
+ is enabled.
+ - Fixed various -Wunused-but-set-variable compiler warnings.
+ - Include extension: forgot to check variable identifier syntax for 'global'
+ command.
+ - Sieve: fixed debug mode; no messages were logged in some situations.
+ - sievec tool: forgot to enable -D (debug) parameter.
+
+v0.2.3 14-04-2011 Stephan Bosch <stephan@rename-it.nl>
+
+ * Sieve filter tool: finished implementing basic functionality. It is not
+ quite ready yet, but it is available for those willing to experiment
+ with it (needs --with-unfinished-features config to compile). Also
+ includes man page.
+ + Vacation extension now inhibits replies to messages from sender listed
+ in :addresses, thus preventing replies to one of the user's other known
+ addresses.
+ + Vacation extension: implemented the (draft) vacation-seconds extension.
+ This also adds min/max period configuration settings. Refer to
+ doc/vacation.txt for configuration information.
+ - ManageSieve: fixed bug in UTF-8 checking of string values. This is done
+ by discarding the original implementation and migrating to the Dovecot
+ API's UTF-8 functionality.
+ - Sieve command line tools now avoid initializing the mail store unless
+ necessary. This prevents sievec and sieve-dump from failing when
+ executed by root for example.
+ - Enotify extension: fixed inappropriate return type in mailto URI parse
+ function, also fixing ARM compiler warning.
+ - Vacation extension: fixed handling of sendmail errors. It produced an
+ additional confusing success message in case of error.
+ - Removed header MIME-decoding to fix erroneous address parsing. Applies to
+ address test and vacation command.
+ - Fixed segfault bug in extension configuration, triggered when unknown
+ extension is mentioned in sieve_extensions setting.
+
+v0.2.2 06-12-2010 Stephan Bosch <stephan@rename-it.nl>
+
+ * LDA Sieve plugin: started using Dovecot LDA reject API for the reject
+ extension. This means that the LDA reject_reason and reject_subject
+ settings now also work for Pigeonhole's LDA Sieve plugin.
+ * Did some work on the new sieve-filter tool. It is mostly functional, but
+ it is not finished yet.
+ * Dovecot change: services' default vsz_limits weren't being enforced
+ correctly in earlier v2.0 releases. Now that they are enforced, you might
+ notice that the default limits are too low and you need to increase them.
+ This problem will show up in logs as "out of memory" errors. See
+ default_vsz_limit and service { vsz_limit } settings.
+ - Imap4flags: fixed segfault bug occurring in multiscript context.
+ - Added version checking to the ManageSieve settings plugin. This plugin was
+ forgotten when the LDA plugin was updated with this change in the previous
+ release.
+ - LDA Sieve plugin: fixed memory leak at deinitialization.
+
+v0.2.1 27-09-2010 Stephan Bosch <stephan@rename-it.nl>
+
+ + Incorporated distinction between original and final envelope recipient in
+ Sieve interpreter, as recently introduced in Dovecot.
+ + Regex extension: added support for regex keys composed from variables.
+ - LDA Sieve plugin: added _version symbol to enable Dovecot's plugin version
+ check. Without this check, people can forget to recompile the plugin, which
+ can lead to unexpected effects.
+ - LDA Sieve plugin: turned debug message about an unconfigured home directory
+ into a proper error and added script path information.
+ - Fixed unnecessary reporting of dummy extensions in ManageSieve SIEVE
+ capability; the comparator-i;octet and comparator-i;ascii-numeric
+ 'extensions' were reported explicitly.
+
+v0.2.0 10-09-2010 Stephan Bosch <stephan@rename-it.nl>
+
+ * Merged Sieve and ManageSieve packages into a single Pigeonhole package.
+ There is also no need to patch Dovecot anymore to gain ManageSieve support.
+ Version numbering of previous Sieve releases is continued as v0.2.0. The
+ sources originally branched off from Sieve v0.1.5 and ManageSieve v0.11.4,
+ but the NEWS history of much more recent releases for Dovecot v1.2 is
+ included since these changes are all included in this release as well.
+ * The ManageSieve service now binds to TCP port 4190 by default due to the
+ IANA port assignment for the ManageSieve service. When upgrading from v1.2,
+ this should be taken into account. The service can be configured manually to
+ listen on both 2000 and 4190.
+ * The Dovecot configuration now calls the ManageSieve protocol 'sieve' in
+ stead of 'managesieve' because it is registered as such with IANA. The
+ binaries and the services are still called managesieve and
+ managesieve-login.
+ * The binary representation of a compiled Sieve script is updated to include
+ source code locations of all commands and arguments. This is implemented in
+ a similar manner as such debug information is included in some system
+ executables and libraries (DWARF-like). Run-time errors can now always refer
+ to the proper line number in the Sieve source script.
+ * The Sieve plugin is adapted to work properly with the new LMTP service
+ introduced with Dovecot v2.0. The same plugin is used for both LDA and LMTP.
+ * The 'sieve_subaddress_sep' setting for the Sieve subaddress extension is now
+ known as 'recipient_delimiter'. Although the deprecated sieve_subaddress_sep
+ setting is still recognized for backwards compatibility, it is recommended
+ to update the setting to the new name, since the new LMTP service also uses
+ the recipient_delimiter setting.
+ * ManageSieve: changed default IMPLEMENTATION capability to from 'Dovecot' to
+ 'Dovecot Pigeonhole'.
+ * Renamed the sieved tool to sieve-dump. The original name was somewhat
+ confusing.
+ * Updated man pages to match style and structure of new Dovecot man pages.
+ * Made testsuite commands more uniform and cleaned up many of the testsuite
+ scripts. Some minor new tests were added in the process.
+ + Simplified string matching API to use abstract string lists as data sources.
+ This will also make implementing the index extension easier in the future.
+ + Significantly improved trace debugging with the sieve-test tool. The full
+ execution of the script can be examined, including the matched values and
+ keys of the respective Sieve test commands. The executed statements are
+ listed with their line number (and code address when requested). The level
+ of detail is configurable from the command line.
+ + The SIEVE and NOTIFY capabilities reported by the ManageSieve protocol can
+ now be configured manually. If left unconfigured, the capabilities are
+ determined from the default Sieve and ManageSieve configuration.
+ User-specific capabilities aren't reported until after authentication.
+ + Significantly improved file error handling. This means that administrators
+ get a more useful and informative log message when file operations fail. The
+ most notable example is that when the LDA Sieve plugin is trying to store a
+ binary for a global script, the resulting failure message also points the
+ administrator towards pre-compiling the script with sievec.
+ + Added runtime argument value checking for several commands (redirect, date
+ vacation). When variables are used, these checks cannot be performed at
+ compiletime. A proper runtime error now is produced when invalid data is
+ encountered.
+ + UTF8 validity of fileinto command argument is now checked either at compile
+ time or at runtime. Previously, it was not checked until the store action
+ was executed.
+ + Validity of IMAP flags for the imap4flags extension is now checked also
+ at runtime. Previously, it was not checked until the store action was
+ executed.
+ + Simplified and restructured error handling. Also made sure that user-caused
+ errors are no longer written to the Dovecot master/LDA log.
+ - Multiscript: fixed duplicate implicit keep caused by erroneous execution
+ state update.
+ - Prevented assertion failure due to currupt binary string representation.
+ If the string was missing a final \0 character an assertion was produced in
+ stead of a binary corruption error.
+ - Imap4flags: fixed bug in setflag command; when parameter was a stringlist,
+ only the last item was actually set.
+ - Variables extension: fixed :length set modifier to recognize utf8 characters
+ instead of octets.
+ - Testsuite: prevented innocent warning messages, i.e. those that are part of
+ the test, from showing up by default.
+ - ManageSieve/Sieve storage: fixed error handling of PUTSCRIPT commmand; save
+ commit errors would not make the command fail.
+ - ManageSieve: enforced protocol syntax better with some of the commands; some
+ commands allowed spurious extra arguments.
+ - Fixed Sieve script name checking to properly handle length limit and added
+ 0x00ff as invalid character.
+ - Removed spurious old stdio.h (top) includes; these caused compile issues on
+ specific systems.
+ - Fixed default Sieve capability (as reported by ManageSieve): extra
+ extensions spamtest, spamtestplus and virustest were enabled by default.
+ These should, however, only be enabled when properly configured and there
+ is no default configuration.
+
+(Fused Dovecot Sieve and ManageSieve packages into a single Pigeonhole release)
+
+Dovecot Sieve NEWS history:
+---------------------------
+
+Dovecot 1.2:
+
+v0.1.17 19-06-2010 Stephan Bosch <stephan@rename-it.nl>
+
+ - Made sure source code positions for compiler messages are recorded at start
+ of tokens.
+ - Fixed a few potential memory leaks in the Sieve compiler and the
+ spam/virustest extensions.
+ - Made command line tools return proper exit status upon failure.
+
+v0.1.16 30-04-2010 Stephan Bosch <stephan@rename-it.nl>
+
+ * Finished implementation of spamtest, spamtestplus and virustest extensions.
+ These are not enabled by default and need to be activated with the
+ sieve_extensions setting. Documentation available in
+ doc/spamtest-virustest.txt
+ + Vacation extension: the from address of the generated reply is now by
+ default equal to whatever known recipient alias matched the headers of the
+ message. If it is one of the aliases specified with :addresses, it is used
+ instead of the envelope recipient address that was used before.
+ + Restructured and optimized the lexical scanner.
+ + Added --with-docs configure option to allow disabling installation of
+ documentation.
+ - Accidentally omitted 'extern' in two declarations of global variables in
+ header files, causing compile failures on certain systems.
+ - Deprecated imapflags extension: fixed implicit assignment of flags. Turns
+ out this never really worked, but the effect of this bug was obscured by the
+ removeflag bug fixed in the previous release.
+ - Fixed various memset argument mixups in enotify extension. This caused
+ warnings on certain systems, but luckily no adverse effects at runtime.
+
+v0.1.15 25-01-2010 Stephan Bosch <stephan@rename-it.nl>
+
+ * Enotify extension:
+ - Adjusted notify method API for addition of new notification methods.
+ - Set default importance level to 'normal' (was 'high').
+ * Include extension: updated implementation towards most recent specification
+ (all should be backwards compatible):
+ - Implemented global variables namespace.
+ - Global command may now appear anywhere in a script.
+ - Implemented script name checking using the requirements specified in the
+ ManageSieve draft.
+ - One issue remains: ManageSieve currently requires included scripts to be
+ uploaded first, which is not according to specification.
+ * Changed envelope path parser to allow to and from envelope addresses that
+ have no domain part.
+ + Added preliminary support for Sieve plugins and added support for installing
+ Sieve development headers.
+ + Started work on the implementation of the spamtest, spamtestplus and
+ virustest extensions (unfinished).
+ + Deprecated notify extension: implemented denotify command.
+ + Variables extension: added support for variable namespaces.
+ + Added configurable script size limit. Compiler will refuse to compile files
+ larger than sieve_max_script_size.
+ + Testsuite changes:
+ - Added support for changing and testing an extension's configuration.
+ - Added a command line parameter for copying errors to stderr.
+ - Fixed a bug in the i;ascii-numeric comparator. If one of the strings started
+ with a non-digit character, the comparator would always yield less-than.
+ - Imap4flags extension: fixed bug in removeflag: removing a single flag failed
+ due to off-by-one error (bug report by Julian Cowley).
+ - Improved EACCES error messages for stat() and lstat() syscalls and slightly
+ improved error messages that may uccur when saving a binary.
+ - Vacation extension: fixed typo in runtime log message (patch by Julian
+ Cowley).
+ - Fixed use of minus '-' in man pages; it is now properly escaped.
+ - Fixed parser recovery. In particular cases it would trigger spurious errors
+ after an initial valid error and sometimes additional errors were
+ inappropriately ignored.
+
+v0.1.14 19-12-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ * Made the imposed limits on the number of redirects and the number of
+ actions configurable. The settings are called sieve_max_actions and
+ sieve_max_redirects.
+ * Did a major rework of extension handling, making sure that no global state
+ is maintained. This change was triggered by problems that global state info
+ would cause for Dovecot v2.0, but it is also important for v1.2 as it
+ significantly cleans up the library implementation.
+ + Made LDA Sieve plugin recognize the deliver_log_format setting.
+ + Message headers produced from user-supplied data are now RFC2047-encoded if
+ necessary for outgoing messages. This is for example important for the
+ :subject argument of the vacation action.
+ + Added support for the $text$ substitution in the deprecated notify
+ extension.
+ + The subaddress extension now also accepts recipient_delimiter setting as an
+ alias for sieve_subaddress_sep setting. This anticipates the
+ recipient_delimiter setting in v2.0.
+ - Fixed logging of mailbox names. It logged the converted mUTF7 version in
+ stead of the original UTF8 version supplied by the user.
+ - Fixed a minor memory leak in the multiscript support.
+ - Fixed a bug in the recompilation of Sieve scripts. Made sure that scripts
+ are only recompiled when the script file - or the symlink pointing to it -
+ is strictly newer.
+
+v0.1.13 18-10-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ + Body extension: implemented proper handling of the :raw transform and added
+ various new tests to the test suite. However, :content "multipart" and
+ :content "message/rfc822" are still not working.
+ + Fixed race condition occurring when multiple instances are saving the same
+ binary (patch by Timo Sirainen).
+ + Test suite: added support for testing multiscript execution.
+ - Made compiler more lenient towars missing CRLF at the end of the script in a
+ hash comment.
+ - Body extension: don't give SKIP_BODY_BLOCK flag to message parser, we want
+ the body! (patch by Timo Sirainen).
+ - Fixed handling of implicit side effects for multiscript execution.
+ - Fixed bugs in multiscript support; subsequent keep actions were not always
+ merged correctly and implicit side effects were not always handled
+ correctly.
+ - Fixed a segfault bug in the sieve-test tool occurring when compile fails.
+ - Fixed segfault bug in action procesing. It was triggered while merging side
+ effects in duplicate actions.
+ - Fixed bug in the Sieve plugin that caused it to try to stat() a NULL path,
+ yielding a 'Bad address' error.
+
+v0.1.12 21-08-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ + Testsuite: added support for testing binaries stored on disk.
+ + Implemented the new date extension. This allows matching against date values
+ in header fields and the current date at the time of script evaluation.
+
+v0.1.11 08-08-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ + Built skeleton implementation for the date extension (RFC 5260). It
+ compiles, but it does not do anything useful yet. Therefore, it is not part
+ of the default compilation.
+ - Fixed ARM portability issues caused by char type not being signed on that
+ platform. Reading optional operands from a binary would fail for action side
+ effects. Also, an accidental mixup of an int return type with bool caused
+ the interpreter to continue on ARM even though an error occured.
+ - Removed direct stdint.h includes to prevent portability issues.
+ - Fixed segfault bug in the handling of script open failures.
+ - Include: improved user error messages and system log messages.
+ - Fixed copy-paste mixup between sieve_after and sieve_before settings in the
+ LDA Sieve plugin. If only a sieve_after script was active, nothing would
+ have been executed. Patch by Mike Abbott.
+ - Include: fixed a bug in HOME substitution in the sieve_dir path. Surfaced in
+ ManageSieve.
+
+v0.1.10 03-08-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ * Changed action execution of fileinto and keep. These changes depend on API
+ additions in Dovecot, making this release depend on Dovecot v1.2.2 or newer.
+ * Further developed the sieve-filter command line tool. This required a few
+ changes to the action execution of the Sieve engine. The tool was
+ successfully tested on folders with a few 100k spam messages. However, the
+ commandline options are still incomplete, a man page is missing and it needs
+ much more testing before I can recommend anyone to use this tool.
+ + Added support for the mailbox extension. This allows checking whether a
+ mailbox exists using the mailboxexists command and it adds the :create
+ argument to the fileinto command to create the mailbox when it is missing.
+ The :create feature is useless unless the Deliver LDA is run with the -n
+ option.
+ + Improved the testsuite with tests for message delivery. Messages stored
+ using keep and fileinto can be fed back into the Sieve engine for
+ verification. This includes testing of applied IMAP flags.
+ + Updated the man pages with the new method of specifying the supported
+ extensions using + and - (for the -x parameter of the sieve tools)
+ + Further developed the deprecated notify extension. A dummy for the denotify
+ command exists, meaning that its use does not cause an error anymore.
+ - Fixed a bug in the derivation of the binary path from the script path. A
+ bare filename would yield a path relative to root.
+ - Fixed a bug in the value matching code. The context data now uses a proper
+ pool instead of the data stack. Bug reported by Jan Sechser.
+ - Fixed assertion fail in the include extension caused by missing
+ initialization upon binary load. This bug surfaces only for stored
+ binaries. Bug reported by Tom Hendrikx.
+ - Fixed include error message for failed :global include. It mentioned the
+ wrong config parameter.
+ - Fixed broken wiki reference in an error message of the plugin about the
+ 'sieve' setting.
+ - Fixed behavior of fileinto when delivering into a namespace prefix.
+ Previous fix used the wrong storage.
+
+v0.1.9 22-07-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ * Removed the unfinished sieve-filter tool from the default build. It is now
+ only built when the --with-unfinished-features switch is supplied during
+ configure.
+ + Started building support for the ereject version of the reject action,
+ which has a preference to use an SMTP/LMTP protocol error instead of a
+ bounce message. This is to be used to make the Sieve plugin honour Deliver's
+ -e parameter. This is not yet finished and not built by default.
+ + Improved 'Permission denied' error messages just like Dovecot does,
+ precisely specifying what permission is missing to access or create a file.
+ + Added additional headers to the list of allowed headers for the address
+ test. The restrictive nature of the address test is not always appropriate.
+ Still thinking of a better, less restrictive implementation.
+ + Made the deprecated notify extension compatible with the old CMUSieve
+ plugin. However, the denotify command and the $text$ substitution are not
+ yet supported.
+ + Made the discard action log a message to avoid confusion about disappearing
+ messages.
+ - Fixed behavior of fileinto when delivering into a namespace prefix. It now
+ uses silent delivery into INBOX as fallback.
+ - Fixed logging of folder namespace prefix upon delivery into a prefixed
+ namespace. Formerly it only logged the bare folder name.
+ - Fixed a potential segfault in the argument validation. It didn't surface
+ because no command could have a :tag followed by an associated parameter as
+ last argument.
+ - Fixed segfault bug occurring in envelope test when performed on null (<>)
+ envelope path. The fix involves a rather large restructuring of the code to
+ make sure envelope addresses are properly handled everywhere (bug reported
+ by Nikita Koshikov)
+ - Envelope: fixed bug in application of address parts; failure to obtain
+ the part would cause inappropriate match success (bug reported by Ron Lee)
+ - Fixed extension conflict checks during validation. It could sometimes
+ produce useless errormessages. This is currently only used by the
+ deprecated extensions.
+ - Forgot to remove old explicit storage library dependency (patch by
+ Arkadiusz Miskiewicz).
+ - Fixed compiler warnings on certain platforms regarding the use fwrite for
+ outgoing message construction
+
+v0.1.8 12-07-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ - Fixed AIX compile problem. For portability, the typeof operator is
+ not used anymore.
+ + Added partial support for the deprecated notify extension. However, it
+ turns out that the implementation provided by cmusieve is even older (2001),
+ meaning that this is currently not backwards compatible with cmusieve.
+
+v0.1.7 05-07-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ + Added support for CRLF line breaks in strbuf error handler to fix a
+ ManageSieve problem.
+ + Improved consistency of sieve tool documentation and fixed missing
+ parameters in internal tool help output.
+ + Enhanced extensions configuration, allowing to specify the enabled
+ extensions relatively to the default (patch by Steffen Kaiser).
+ - Forgot to initialize script execution status in Sieve plugin, causing
+ segfaults on compile errors in specific conditions.
+ - Fixed logging in Sieve plugin for execution of default main script (went
+ to STDERR).
+
+v0.1.6 18-06-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ * Adjusted to changes in Dovecot to make it compile against v1.2.rc5
+ * Made default of sieve_dir setting match the ManageSieve implementation.
+ - Fixed a few problems in de body extension that caused assert failures in
+ specific situations.
+
+v0.1.5 18-04-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ * Ported the implementation of the Sieve include extension to the latest
+ draft. This means that the import and export commands are replaced by a new
+ command called global. The import and export commands are now DEPRICATED and
+ are mere aliases for the global command. The new specification also adds the
+ :once modifier to the include command. The also newly specified global.*
+ variable namespace is not implemented yet as support for variable namespaces
+ is currently missing.
+ * Did a major rework of the multiscript support for better error handling and
+ made sure that persistent global scripts (sieve_before/sieve_after) are
+ always executed, even when the user does not have a script of his own and
+ a global default is missing.
+ + Provided basic support for the environment extension. Currenly, the name,
+ version and host items are useful. Others are pending.
+ + Improved error message that is presented when an unknown Sieve extension is
+ provided as argument to the require command. It now notifies the user that
+ Sieve core commands do not need to be specified in require.
+ - Fixed bug in includes at levels deeper than one.
+ - Fixed bug in address matching that was caused by the failure to handle group
+ specifications. In dovecot, these are marked by address items with NULL
+ elements, which causes a segfault if not considered. The group 'undisclosed-
+ recipients:;' in particular triggered this bug. Bug reported by Bernhard
+ Schmidt.
+
+v0.1.4 21-03-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ * Started work on the sieve-filter tool. With this command line tool it will
+ be possible to (re-)apply Sieve filters on a mail folder. It is currently
+ undocumented and far from functional.
+ + Added a custom debug extension that provides the possibility to print debug
+ messages from scripts executed by the Sieve tools.
+ - Fixed issue with opening relative paths as a mail file. Bug reported by Ian
+ P. Christian.
+ - Fixed MAC OSX compile problem. Turns out the extern modifier was missing at
+ multiple places. Bug reported by Edgar Fuss.
+ - Fixed Solaris compile problem: removed unecessary and unportable linker
+ flags that caused compile to fail. Bug reported by Andrés Yacopino.
+
+v0.1.3 12-02-2009 Stephan Bosch <stephan@rename-it.nl>
+
+ * Adapted to changes in Dovecot, making this release dependent on Dovecot
+ >= 1.2.beta1
+ * Made mail address comparison fully case-insensitive. This is particularly
+ noticeable for the :addresses argument of the vacation command.
+ + Finished enotify extension. Currently, only the mailto notification method
+ is implemented. All still needs to be tested thoroughly.
+ + Implemented multiscript support. It is now possible to execute multiple
+ Sieve scripts sequentially. Administrator-controlled scripts can be
+ executed before and after the user's script. Still needs to be tested
+ thoroughly.
+ + Implemented support for configuring the available Sieve extensions.
+ + Made the subaddress extension (partially) configurable using the
+ sieve_subaddress_sep setting, which allows specifying a (multi-charater)
+ separator other than '+'.
+ + Compiler now warns about invalid header field names used for the header and
+ address tests.
+ + Vacation extension now properly generates a References header for the
+ response message.
+ + Added testing of basic result execution to the test suite. Also added
+ supportfor testing the outgoing messages produced by the Sieve interpreter.
+ + Included execution of the actual result in the sieve-test command line tool.
+ The undocumented sieve-exec tool that existed for this is now removed as
+ planned.
+ + Added support for the now obsolete 'imapflags' extension for backwards
+ compatibility with CMUSieve. This also implements the mark/unmark commands.
+ - Fixed bugs in the regex extension: 1) if an optional match value did not in
+ fact match, subsequent match values would get unexpected indexes. 2) fixed
+ segfault bug occurring when regex is freed.
+ - Fixed bug in the use of the :from agrument for the vacation command. If this
+ address included a phrase part, the response would not be a valid RFC822
+ message.
+ - Plugged a theoretical security hole occurring when a directory is opened as a
+ Sieve binary.
+ - Cleaned up and fixed various log messages.
+ - Fixed bug in the outgoing address verification. Addresses ending in ',' were
+ erroneously accepted.
+
+v0.1.2 26-11-2008 Stephan Bosch <stephan@rename-it.nl>
+
+ - Fixed important bug in the redirect action (and probably other actions like
+ reject and vacation that only send messages). This was a bug in the handling
+ of context information during the execution of actions. It caused the sieve
+ interpreter to crash with a segfault when redirect was executed.
+
+v0.1.1 24-11-2008 Stephan Bosch <stephan@rename-it.nl>
+
+ * Re-enabled support for compiling against dovecot headers. Much like
+ cmusieve, command line tools like sievec and sieved are not compiled in this
+ case.
+ * Started implementation of enotify extension. Not anywhere near finished
+ though.
+ * Adapted to changes in Dovecot on various occasions, making this release
+ dependent on Dovecot >= v1.2.alpa4.
+ + Improved logging of errors at specific occasions and added debug messages to
+ find script execution problems quicker.
+ + Removed code duplication between command line tools and the test suite.
+ Also restructured the sources of the tools.
+ + Added UTF-8 to UTF-7 folder name conversion for compatibility with IMAP.
+ + Created man pages for the command line tools. These are automatically
+ installed upon 'make install'
+ + Incorporated Valgrind support into the testsuite and fixed a few memory
+ leaks in the process.
+ - Fixed compile error surfacing for gcc3.4. Forgot mask argument for the
+ open() system call when the O_CREAT flag is specified. Bug found by
+ Sergey Ivanov.
+ - Fixed bug in the sievec tool. -d output was always written to stdout.
+ - Fixed important bug in the imap4flags extension. When no :flags argument is
+ specified, the previous version would always use the final value of the
+ internal variable to set the flags. This means that modifications to the
+ internal variable also affected the bare fileinto/keep actions executed
+ earlier. This does not comply to the RFC.
+ - Fixed bug in the include extension's import/export commands. Duplicate
+ import/exports caused problems.
+ - Fixed bug in the handling of non-existent scripts. Errors were sometimes
+ ignored.
+ - Dovecot omitted unfolding multi-line headers. This was added to the cmusieve
+ plugin after the code was incorporated into the new implementation. This is
+ now mplicitly fixed by concurrent change in Dovecot.
+
+v0.1.0 23-10-2008 Stephan Bosch <stephan@rename-it.nl>
+
+ * Initial release
+
+Dovecot ManageSieve NEWS history:
+---------------------------------
+
+Dovecot 1.2:
+
+v0.11.11:
+ * This release contains adjustments to match changes in the Sieve API. This
+ means that this release will only compile against Pigeonhole Sieve
+ v0.1.15.
+ + Implemented ManageSieve QUOTA enforcement.
+ + Added MAXREDIRECTS capability after login.
+ + Implemented new script name rules specified in most recent ManageSieve
+ draft.
+ - Fixed assertion failure occurring with challenge-response SASL mechanisms.
+ - Made configure complain about trying to compile against installed Dovecot
+ headers alone.
+ - Fixed compile warning for compilation against CMUSieve.
+
+v0.11.10:
+ * This release contains adjustments to match changes in the Sieve API. This
+ means that this release will only compile against Pigeonhole Sieve
+ v0.1.14.
+ - Fixed compilation of ManageSieve against CMUSieve.
+
+v0.11.9:
+ * Adjusted to changes in the Dovecot login proxy API. This release
+ therefore depends on Dovecot v1.2.4.
+ + Reintroduced ability to abort SASL with "*" response. Latest ManageSieve
+ specification includes it.
+
+v0.11.8:
+ - Fixed TLS support for proxying ManageSieve. The protocol state machine
+ was incorrect. Also added a check that disables ssl when 'starttls' is
+ not enabled for the user. This produces a proper warning in the log file.
+ There is no such thing as a managesieveS protocol which has SSL from the
+ start.
+
+v0.11.7:
+ * Adjusted to changes in the Dovecot login API. This release now depends on
+ Dovecot v1.2.1 or newer.
+ * Incorporated various small changes in IMAP into ManageSieve. This includes
+ properly enabling the generation of core dumps.
+ - The previous release implicitly resolved the FreeBSD script truncation
+ error. This release adds a small correction to the code that detects the
+ truncation.
+ - Fixed panic occurring when many errors are produced by the Sieve compiler
+ (bug found by Pascal Volk).
+ - Fixed memory leak in the PUTSCRIPT command.
+
+v0.11.6:
+ * Adjusted to changes in Dovecot regarding client idle timeout vs
+ authentication timeout. This release now depends on Dovecot v1.2.rc6 or
+ newer.
+ - Fixed CRLF line breaks in compile errors (bug reported by Pascal Volk).
+ - Corrected directory/file creation behavior with respect to mode bits
+ and gid (bug reported by Pascal Volk).
+ - Improved handling of script truncation bugs: connection is now closed and
+ an error is logged. bug itself not fixed yet).
+ - Prevented temp script name from showing up in error output.
+
+v0.11.5:
+ * Incorporated various changes from imap-login into managesieve-login. This
+ includes changes in the proxy support.
+
+v0.11.4:
+ * Adjusted to changes in the Dovecot signal handler API.
+
+v0.11.3:
+ * Changed the SASL service name from "managesieve" into "sieve" as required
+ in the protocol specification. Don't forget to adjust your configuration
+ if your authentication mechanism depends on this service name.
+ * Adapted to changes in Dovecot, making this release dependent on Dovecot
+ >= v1.2.beta1.
+ * Adapted to changes in the new Sieve implementation, making this release
+ dependent on Dovecot Sieve >= v0.1.3 if used. The old cmusieve plugin is
+ still supported.
+ + Implemented making the SIEVE and NOTIFY capability fully dynamic, meaning
+ that the sieve_extensions setting that was introduced for the new Sieve
+ plugin properly affects the ManageSieve daemon as well.
+ + Added support for the CHECKSCRIPT command. In terms of the supported
+ commands, the ManageSieve daemon now complies with protocol VERSION 1.0 as
+ listed in the CAPABILITY response.
+ - Fixed maximum permissions for uploaded scripts; was 0777. This
+ was shielded however by the default umask (not documented to be
+ configurable), so the actual permissions would never have been 0777.
+ - Fixed a segfault bug in the authentication time-out. Bug report and trace
+ provided by Wolfgang Friebel.
+ - Fixed handling of ~/ in use of mail-data for script location.
+ - Fixed small problems in the login proxy support.
+
+v0.11.2:
+ * Adapted to changes in Dovecot, making this release dependent on Dovecot
+ >= v1.2.alpa4.
+
+v0.11.1:
+ - Fixed security issue that gives virtual users the ability to read and
+ modify each other's scripts if the directory structure of the sieve
+ storage is known.
+ * Updated NOOP command to match new protocol specification
+ + Improved error handling and implemented the new response codes:
+ ACTIVE, NONEXISTENT, ALREADYEXISTS and WARNINGS
+
+v0.11.0:
+ * Upgraded to Dovecot v1.2
+ * Added support for new ManageSieve extensions RENAME and NOOP
+ * Moved sieve settings to plugin {} section of config file. Now the settings
+ `sieve` and `sieve_dir` in the plugin section are used for the Sieve plugin
+ and the ManageSieve service, avoiding the posibility of accidental
+ differences in configuration.
+
+Dovecot 1.1:
+
+v0.10.3
+ * Removed erroneous inline declarations that caused compiler warnings. GCC 4.3
+ turns out to fail entirely as reported by Joel Johnson.
+ * Fixed auto-dectection of Sieve implementation during ./configure. It now
+ produces a proper error when the directory is invalid.
+
+v0.10.2
+ * Fixed bug that caused SASL mechanisms that require more than a single client
+ response to fail. Reported by Steffen Kaiser and occured when he tried using
+ the (obsolete) LOGIN mechanism.
+ * Updated installation and configuration documentation to match the
+ information provided in the wiki
+
+v0.10.1
+ * Fixed bug introduced in v0.10.0: compiled scripts were also written to disk
+ in the sieve/tmp directory and left there. This accumulates much .sievec
+ junk in that directory over time.
+ * Fixed bug in tmp file generation for sieve-storage: errors other than EEXIST
+ would cause the daemon to sleep() loop indefinitely.
+
+ + Improved log lines to be more recognizable as being generated from
+ managesieve.
+ + Added short proxy configuration explanation to the README file
+ + Added 'Known Issues' section to the README file
+ - Fixed assert bug in sieve-storage occurring when save is canceled.
+
+v0.10.0
+ * Upgraded to Dovecot 1.1:
+ - The actual managesieve implementation is now a separate package.
+ The dovecot tree still needs to be patched though to make dovecot
+ recognize the new managesieve service.
+ - Incorporated changes to imap/imap-login into the equivalent
+ managesieve processes.
+ - Removed cmusieve implementation from managesieve sources. It is
+ now linked externally from the dovecot-sieve-1.1 package.
+ - Restructured README.managesieve file into separate README, NEWS,
+ TODO, DESIGN and INSTALL files.
+ * Added support for new libsieve implementation (to be released). This
+ package can be compiled with either the new or the old Sieve
+ implementation (autodetected). If the new Sieve becomes stable, this
+ package will be merged with it to make a single package for Dovecot
+ Sieve support.
+
+Dovecot 1.0:
+
+v9
+
++ Definitively fixed the segfault mentioned in V8. It proved to be
+ very time-constrained and thus hard to reproduce. The error turned out
+ to be related to the input handling of the login daemon during
+ authentication.
++ Checked for changes in the imap daemon that weren't propagated to the
+ managesieve implementation due to code duplication.
++ Fixed a bug in the autodetection of the sieve storage location.
++ Fixed bug in the sieve storage that failed to refresh the symlink if
+ the storage was moved.
++ Improved error handing in the sieve-storage implementation in various
+ places.
++ Fixed the situation in which the active script link is located in the
+ sieve storage.
++ Added managesieve configuration to dovecot-example.conf and made the example
+ in this file more concise.
+
+v8
+
++ Fixed a few incompatibilities with 1.0.7 version. For instance, the "Logged
+ in" message is now sent by the -login process and not by the managesieve
+ daemon anymore. This caused a segfault every once in a while.
++ Probably fixed the settings problem reported by Steffen Kaiser regarding
+ login_dir. 'dovecot -n' now reports correct results, but testing will show
+ whether the whole problem is solved.
++ The managesieve daemon now accepts the sieve_storage and sieve configuration
+ settings, so it is now possible to explicitly configure the location of the
+ sieve storage and the active script respectively. The daemon still falls back
+ to using the mail_location (MAIL) settings if nothing else is specified.
++ The cyrus timsieved does not use the + character in string literals and many
+ clients have adopted to this behaviour. The latest managesieve (08) advises to
+ accept a missing + from clients. The server should not send any + characters
+ as well. This behavior is now implemented on the server.
++ Cleaned up sieve-storage.c: split up the sieve_storage_create function in
+ various sub-functions for obtaining the various paths and directories.
++ Forced manual intervention if rescueing a non-symlink file at the active script
+ path fails somehow. Previously, this presented the admin with a log message
+ that it had just eaten the script, which is not very nice.
++ Restructured the README.managesieve file and added some more explanation with
+ regard to the configuration of the daemon.
+
+v7
+
+- Robin Breathe indicated that the regex capability was missing in the server's
+ SIEVE listing. It turns out I forgot to make arrangements for setting
+ ENABLE_REGEX in the cmu libsieve sources, so the regex extension was not
+ compiled in. I copied the configure.in section regarding ENABLE_REGEX from
+ dovecot-sieve-1.0.2 and that fixed the problem.
+
+v6
+
+- Corked the client output stream while producing the capability greeting and on
+ other some other occasions as well. Some naive client implementations expect to
+ receive this as a single tcp frame and it is a good practice to do so anyway.
+ Using this change the Thunderbird sieve extension (v0.1.1) seemed to work. However,
+ scripts larger than a tcp frame still caused failures. All these issues are fixed
+ in the latest version of the sieve add-on (currently v0.1.4).
+- Cleaned up the new proxy source. My editor made the indentation a complete mess
+ in terms of TABs vs spaces.
+- Added TRYLATER response codes to BYE and NO messages where appropriate.
+- Recopied the libsieve library into this patch to incorporate any changes that were
+ made (only sieve-cmu.c still needs to be compared to the old cmu-sieve.c). This
+ also solves the __attribute__((unused)) GCC dependencies. These were fixed long
+ ago by Timo.... the code duplication beast strikes again.
+- Removed spurious return value from void function in
+ src/lib-sieve/sieve-implementation.c as reported by Robin Breathe. GCC fails to
+ report these issues. The function involved is currently not used and serves only
+ as an example on how dovecot could support multiple sieve backends...
+
+v5
+
+- Applied patch by Uldis Pakuls to fix master_dump_settings bug
+- Added some compilation/installation info to this README
+- Moved README to source tree root as README.managesieve
+- Fixed minor error handling bug in sieve_storage.c with respect to a missing
+ root directory.
+- Now sieve capabilities are reported as they are specified by the implementing
+ library and not in forced upper case. The sieve RFC now explicitly states
+ that sieve capability identifiers are case-sensitive. This broke compatibility
+ with SquirrelMail/Avelsieve.
+- Disabled ANONYMOUS login entirely until proper support is implemented. V4
+ claimed to do so as well, but in fact it only stopped announcing it.
+- Implemented managesieve-proxy. It is not so much a clean copy of imap-proxy,
+ since the managesieve greeting is much more complex and requires parsing.
+ Configuration is identical to imap-proxy. This seems to be a little under-
+ documented however (http://wiki.dovecot.org/PasswordDatabase/ExtraFields).
+
+v4
+
+- Added managesieve_implementation_string setting to the managesieve
+ configuration. This can be used to customize the default "IMPLEMENTATION"
+ capability response.
+- Denied ANONYMOUS login until proper support is implemented
+- Fixed problem with authenticate command regarding continued responses. In
+ V3 only initial response would work. Problem was caused by rc2 -> rc28
+ upgrade. One of the clear reasons why code duplication is a very bad idea.
+- Fixed readlink bug as indicated by Timo: return value of readlink can also
+ be -1.
+- Fixed bug in the regular file rescue code, as introduced in the previous
+ version. Used stat instead of lstat. This caused the symlink to be rescued
+ subsequently in the next activation, thus still overwriting the initially
+ rescued script.
+
+v3
+
+- Updated source to compile with dovecot 1.0.rc27
+- Daemon now uses the same location for .dovecot.sieve as dovecot-lda
+ This is typically ~/.dovecot.sieve
+- If .dovecot.sieve is a regular file, it is now moved into the script storage as
+ dovecot.orig.sieve, preventing deletion of (important) active scripts
+ upon upgrade.
+- Changed error handling to yield a BYE message when the managesieve
+ daemon exits unexpectedly (upon login) before any commands are entered.
+ Horde-ingo would wait indefinitely for a response.
+
+v2
+
+- Fixed the bug (missing CRLF) in the authenticate command
+- Modified the sieve storage library making the interface much less crude.
+- The scripts put on the server using the putscript command are now
+ checked before they are accepted.
+- The reported SIEVE capability is now directly read from the sieve
+ implementation (in this case cmu), listing much more than "FILEINTO
+ VACATION".
+- Imported instance of libsieve source into this patch for implementation
+ of script checking and capability listing. THIS NEEDS TO BE CHANGED!
+- Fixed some minor bugs in the putscript command