Package: cyrus-imapd / 3.6.1-4+deb12u3

Metadata

Package Version Patches format
cyrus-imapd 3.6.1-4+deb12u3 3.0 (quilt)

Patch series

Patch File delta Description
0001 Disable runpath checking.patch | (download)

configure.ac | 3 0 + 3 - 0 !
1 file changed, 3 deletions(-)

 disable runpath checking
0002 Shutdown and close sockets cleanly.patch | (download)

imap/fud.c | 9 9 + 0 - 0 !
imap/imapd.c | 4 4 + 0 - 0 !
imap/lmtpd.c | 3 3 + 0 - 0 !
imap/pop3d.c | 3 3 + 0 - 0 !
4 files changed, 19 insertions(+)

 shutdown and close sockets cleanly
 Cleanly shutdown and close sockets, this is supposed to allow for better
 TCP teardown on the remote end, and reduces CLOSE_WAIT time.
 .
 This patch was written 8 years ago, it is possible that nowadays nothing
 will benefit from a shutdown() right before close().  The commit log
 from eight years ago mentions that SHUT_RD should be upgraded to
 SHUT_RDWR where possible, but only after verification that this is not
 going to cause problems (e.g. by discarding data still in flight to the
 remote).
 .
 Also, it is possible that new daemons and utils in Cyrus 2.2 and 2.3 may
 need similar patches.
0003 Fix syslog prefix.patch | (download)

imap/global.c | 7 6 + 1 - 0 !
ptclient/ptexpire.c | 2 1 + 1 - 0 !
ptclient/test.c | 2 1 + 1 - 0 !
ptclient/test2.c | 2 1 + 1 - 0 !
4 files changed, 9 insertions(+), 4 deletions(-)

 fix syslog prefix
 Make sure all programs log (to syslog) with "cyrus/<program>" as the
 log prefix.
0005 Updates calling of the perl interpreter to what we e.patch | (download)

perl/imap/cyradm.sh | 4 1 + 3 - 0 !
perl/sieve/scripts/installsieve.pl | 4 1 + 3 - 0 !
tools/rehash | 2 1 + 1 - 0 !
tools/translatesieve | 4 1 + 3 - 0 !
4 files changed, 4 insertions(+), 10 deletions(-)

 updates calling of the perl interpreter to what we expect in debian
 More precisely: Call /usr/bin/perl directly instead of using some
 shell magic to locate perl and run it.
 .
 NOTE: only some scripts use the "-w" or even the "-T" flag for perl.
 This should be the default actually.
0006 Fix paths on Debian in tools rehash.patch | (download)

perl/imap/IMAP/Shell.pm | 2 1 + 1 - 0 !
tools/rehash | 4 2 + 2 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 fix paths on debian in tools/rehash
0009 Normalize the authentication ID.patch | (download)

imap/global.c | 2 2 + 0 - 0 !
lib/auth_unix.c | 18 18 + 0 - 0 !
lib/imapoptions | 5 5 + 0 - 0 !
lib/libcyr_cfg.c | 4 4 + 0 - 0 !
lib/libcyr_cfg.h | 2 2 + 0 - 0 !
5 files changed, 31 insertions(+)

 normalize the authentication id
 By normalize, it is intended that:
    1) Authentication IDs all can be lowercased for more accurate
       comparison without being volatile to, say, user error, and
    2) Any leading or trailing blank space can be stripped
0012 Use UnicodeData.txt from system.patch | (download)

Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use unicodedata.txt from system
0018 increase test timeout.patch | (download)

cunit/unit.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 increase test timeout
0020_fix cyr_cd shebang.patch | (download)

imap/cyr_cd.sh | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix shebang
 cyr_cd.sh isn't a valid sh script but a bash one
fix upgrade versions.patch | (download)

doc/html/_sources/imap/download/upgrade.rst.txt | 5 2 + 3 - 0 !
doc/text/imap/download/upgrade.txt | 6 2 + 4 - 0 !
2 files changed, 4 insertions(+), 7 deletions(-)

 fix the minimal version needed to update
CVE 2024 34055.patch | (download)

backup/backupd.c | 3 1 + 2 - 0 !
backup/lcb.c | 5 2 + 3 - 0 !
backup/lcb_compact.c | 4 2 + 2 - 0 !
backup/lcb_read.c | 2 0 + 2 - 0 !
backup/lcb_verify.c | 10 4 + 6 - 0 !
cassandane/Cassandane/Cyrus/Conversations.pm | 71 0 + 71 - 0 !
cassandane/Cassandane/Cyrus/IMAPLimits.pm | 530 530 + 0 - 0 !
cassandane/Cassandane/Cyrus/SearchFuzzy.pm | 344 146 + 198 - 0 !
cassandane/Cassandane/IMAPMessageStore.pm | 8 5 + 3 - 0 !
changes/next/imap_literal_limits | 20 20 + 0 - 0 !
cunit/getxstring.testc | 4 0 + 4 - 0 !
cunit/parse.testc | 12 6 + 6 - 0 !
imap/append.c | 1 0 + 1 - 0 !
imap/backend.c | 2 0 + 2 - 0 !
imap/cyr_dbtool.c | 1 0 + 1 - 0 !
imap/dlist.c | 5 4 + 1 - 0 !
imap/httpd.c | 14 8 + 6 - 0 !
imap/imap_err.et | 13 13 + 0 - 0 !
imap/imapd.c | 1417 302 + 1115 - 0 !
imap/imapd.h | 1 1 + 0 - 0 !
imap/imapparse.c | 106 65 + 41 - 0 !
imap/index.h | 2 1 + 1 - 0 !
imap/message.c | 3 0 + 3 - 0 !
imap/mupdate.c | 3 3 + 0 - 0 !
imap/pop3d.c | 18 10 + 8 - 0 !
imap/sync_server.c | 3 1 + 2 - 0 !
imap/sync_support.c | 4 0 + 4 - 0 !
lib/imapoptions | 17 16 + 1 - 0 !
lib/libconfig.c | 3 3 + 0 - 0 !
lib/libconfig.h | 1 1 + 0 - 0 !
lib/prot.h | 10 5 + 5 - 0 !
31 files changed, 1149 insertions(+), 1488 deletions(-)

 cumulative patch for cve-2024-34055
 Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to
 cause unbounded memory allocation by sending many LITERALs in a single command.
 .
 The IMAP protocol allows for command arguments to be LITERALs of negotiated
 length, and for these the server allocates memory to receive the content before
 instructing the client to proceed. The allocated memory is released when the
 whole command has been received and processed.
 .
 The IMAP protocol has a number of commands that specify an unlimited number of
 arguments, for example SEARCH. Each of these arguments can be a LITERAL, for
 which memory will be allocated and not released until the entire command has
 been received and processed. This can run a server out of memory, with varying
 consequences depending on the server's OOM policy.
 .
 Discovered by Damian Poddebniak.
CVE 2024 34055 regressions 1.patch | (download)

cassandane/Cassandane/Instance.pm | 33 33 + 0 - 0 !
1 file changed, 33 insertions(+)

 instance: check backend sync to mupdate during murder shutdown
CVE 2024 34055 regressions 2.patch | (download)

imap/imapparse.c | 5 4 + 1 - 0 !
imap/imapparse.h | 4 4 + 0 - 0 !
imap/mupdate-client.c | 20 10 + 10 - 0 !
3 files changed, 18 insertions(+), 11 deletions(-)

 imapparse: add getmstring() for mupdate-specific parsing
 The mupdate protocol uses LITERAL+ in server->client communications, whereas
 in the IMAP protocol this is only permitted in client->server communications.
 Adds a parser flag and corresponding macro to switch behaviours.
 Fixes #4932
CVE 2024 34055 regressions 3.patch | (download)

imap/sync_support.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 sync_sieve_upload() always initialize buffer with script content