[dovecot/core] c42ec3: fts: Remove indentation from fts_mailbox_list_crea...
GitHub
noreply at github.com
Tue Apr 11 16:00:09 EEST 2017
Branch: refs/heads/master
Home: https://github.com/dovecot/core
Commit: c42ec3faf1c0d2bf65b8ef5e524d0c18992e7454
https://github.com/dovecot/core/commit/c42ec3faf1c0d2bf65b8ef5e524d0c18992e7454
Author: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M src/plugins/fts/fts-storage.c
Log Message:
-----------
fts: Remove indentation from fts_mailbox_list_created
Preparation for next commit
Commit: 2bc82f0d7e717f600bcaaa15356cf9bfe26fb633
https://github.com/dovecot/core/commit/2bc82f0d7e717f600bcaaa15356cf9bfe26fb633
Author: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M src/plugins/fts/fts-plugin.c
M src/plugins/fts/fts-storage.c
M src/plugins/fts/fts-storage.h
Log Message:
-----------
fts: Initialize fts after namespaces have been added
This way paths are correctly set, and fts indexes are
written to correct place. This affects mbox with lucene.
Fixes Panic: file mailbox-list.c: line 1158 (mailbox_list_try_mkdir_root): assertion failed (strncmp(root_dir, path, strlen(root_dir)) == 0)
Commit: 9464dc83df5da54457ff0b629d02e543e43d53bf
https://github.com/dovecot/core/commit/9464dc83df5da54457ff0b629d02e543e43d53bf
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M src/lib/strfuncs.c
M src/lib/strfuncs.h
M src/lib/test-strfuncs.c
Log Message:
-----------
lib: Add mem_equals_timing_safe()
Commit: f1d759d0b4860cac29b5077ee423f9de8bb7d300
https://github.com/dovecot/core/commit/f1d759d0b4860cac29b5077ee423f9de8bb7d300
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M src/auth/password-scheme.c
Log Message:
-----------
auth: Make plaintext password comparisons safe against timing attacks
Commit: 2656508b1a5782070c0f4d6d3dfe2ac54c964370
https://github.com/dovecot/core/commit/2656508b1a5782070c0f4d6d3dfe2ac54c964370
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M src/doveadm/client-connection.c
Log Message:
-----------
doveadm: Make doveadm_password safe against timing attacks.
Commit: e18b4e41d9718a199a1980688787c2743c870002
https://github.com/dovecot/core/commit/e18b4e41d9718a199a1980688787c2743c870002
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M src/auth/auth-request-handler.c
Log Message:
-----------
auth: Shuffle failed auth requests before sending the failure replies.
This might be helpful against some timing attacks.
Using Fisher–Yates shuffle.
Commit: ace06232cfa0e99ecca1040e8553b3216d025768
https://github.com/dovecot/core/commit/ace06232cfa0e99ecca1040e8553b3216d025768
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M src/auth/auth-master-connection.c
M src/auth/mech-apop.c
M src/auth/mech-cram-md5.c
M src/auth/mech-digest-md5.c
M src/auth/mech-gssapi.c
M src/auth/mech-ntlm.c
M src/auth/mech-rpa.c
M src/auth/mech-scram-sha1.c
M src/auth/password-scheme-pbkdf2.c
M src/auth/password-scheme-scram.c
M src/auth/password-scheme.c
Log Message:
-----------
auth: Use mem_equals_timing_safe() for all password hash comparisons.
It's unlikely these could be used to perform timing attacks, since the
attacker would have to have broken MD5/SHA badly enough to be able to
quickly generate string that result in wanted hashes. Still, the extra
cost is almost nothing and it's always better to be super paranoid!
Compare: https://github.com/dovecot/core/compare/38bf959348d9...ace06232cfa0
More information about the dovecot-cvs
mailing list