[dovecot/core] d9ce43: fts: Remove indentation from fts_mailbox_list_crea...

GitHub noreply at github.com
Thu Apr 13 01:30:13 EEST 2017 

  Branch: refs/heads/master-2.2
  Home:   https://github.com/dovecot/core
  Commit: d9ce4356f7e551f44f619aa0640b53628385f902
      https://github.com/dovecot/core/commit/d9ce4356f7e551f44f619aa0640b53628385f902
  Author: Aki Tuomi <aki.tuomi at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/plugins/fts/fts-storage.c

  Log Message:
  -----------
  fts: Remove indentation from fts_mailbox_list_created

Preparation for next commit


  Commit: 8b4fe6f864dc41cfe1b427cef5554723ebdeb395
      https://github.com/dovecot/core/commit/8b4fe6f864dc41cfe1b427cef5554723ebdeb395
  Author: Aki Tuomi <aki.tuomi at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/plugins/fts/fts-plugin.c
    M src/plugins/fts/fts-storage.c
    M src/plugins/fts/fts-storage.h

  Log Message:
  -----------
  fts: Initialize fts after namespaces have been added

This way paths are correctly set, and fts indexes are
written to correct place. This affects mbox with lucene.

Fixes Panic: file mailbox-list.c: line 1158 (mailbox_list_try_mkdir_root): assertion failed (strncmp(root_dir, path, strlen(root_dir)) == 0)


  Commit: 31191949dcbd0138a03d0a7f687cdbba531f96aa
      https://github.com/dovecot/core/commit/31191949dcbd0138a03d0a7f687cdbba531f96aa
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/lib/strfuncs.c
    M src/lib/strfuncs.h
    M src/lib/test-strfuncs.c

  Log Message:
  -----------
  lib: Add mem_equals_timing_safe()


  Commit: 4e11e0a485dcc43cd30f7ea305ebc9718f5ec7f7
      https://github.com/dovecot/core/commit/4e11e0a485dcc43cd30f7ea305ebc9718f5ec7f7
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/auth/password-scheme.c

  Log Message:
  -----------
  auth: Make plaintext password comparisons safe against timing attacks


  Commit: fb7a68e3fcec6b4a9d75fae746970515c1d41334
      https://github.com/dovecot/core/commit/fb7a68e3fcec6b4a9d75fae746970515c1d41334
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/doveadm/client-connection.c

  Log Message:
  -----------
  doveadm: Make doveadm_password safe against timing attacks.


  Commit: 2d1959da1ebecf3892172b29a968799c326f44b6
      https://github.com/dovecot/core/commit/2d1959da1ebecf3892172b29a968799c326f44b6
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/auth/auth-request-handler.c

  Log Message:
  -----------
  auth: Shuffle failed auth requests before sending the failure replies.

This might be helpful against some timing attacks.

Using Fisher–Yates shuffle.


  Commit: bb087f91a2c9070b894fcb182b53f31a908d574a
      https://github.com/dovecot/core/commit/bb087f91a2c9070b894fcb182b53f31a908d574a
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/auth/auth-master-connection.c
    M src/auth/mech-apop.c
    M src/auth/mech-cram-md5.c
    M src/auth/mech-digest-md5.c
    M src/auth/mech-gssapi.c
    M src/auth/mech-ntlm.c
    M src/auth/mech-rpa.c
    M src/auth/mech-scram-sha1.c
    M src/auth/password-scheme-pbkdf2.c
    M src/auth/password-scheme-scram.c
    M src/auth/password-scheme.c

  Log Message:
  -----------
  auth: Use mem_equals_timing_safe() for all password hash comparisons.

It's unlikely these could be used to perform timing attacks, since the
attacker would have to have broken MD5/SHA badly enough to be able to
quickly generate string that result in wanted hashes. Still, the extra
cost is almost nothing and it's always better to be super paranoid!


  Commit: 9ad7afac16721c1c25bcdc7e121548c8d5f30835
      https://github.com/dovecot/core/commit/9ad7afac16721c1c25bcdc7e121548c8d5f30835
  Author: Aki Tuomi <aki.tuomi at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/auth/auth-request.c

  Log Message:
  -----------
  auth: Fix mechanism filter to support `none`

Otherwise credentials lookup can fail. None indicates
that it should match when no mech is specified.


  Commit: 633e34e2067c3fade64ab04f7b60639c8ab54610
      https://github.com/dovecot/core/commit/633e34e2067c3fade64ab04f7b60639c8ab54610
  Author: Aki Tuomi <aki.tuomi at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/auth/auth-request.c

  Log Message:
  -----------
  auth: Filter passdbs on credentials lookup start

Consistency with how plain verify works.


  Commit: aa2399c611e0264311f5e0d306f79bf000aebd86
      https://github.com/dovecot/core/commit/aa2399c611e0264311f5e0d306f79bf000aebd86
  Author: Aki Tuomi <aki.tuomi at dovecot.fi>
  Date:   2017-04-13 (Thu, 13 Apr 2017)

  Changed paths:
    M src/auth/userdb-vpopmail.c

  Log Message:
  -----------
  auth: Check var_expand error in vpopmail


Compare: https://github.com/dovecot/core/compare/b440bbfb2f75...aa2399c611e0

More information about the dovecot-cvs mailing list