Hi Apollon,

thanks for your feedback.

When I said that the package is unusable in it's current form, I've meant it 
only to the dovecot-solr package, not for the whole dovecot ecosystem. Well, 
I'm not surprised that it didn't turned out earlier, as in Jessie it worked 
well (it was on 2.2.13) and apparently it looks that not many people using 
dovecot-solr upgraded to Stretch yet.

Anyway, thanks for the good news, I'm looking forward to the patched package.

Regards,
Barna
On 2017-06-26 9:27:27, Apollon Oikonomopoulos <[email protected]> wrote:
Control: severity -1 important

Hi,

Thanks for the report!

On 02:03 Mon 26 Jun , Barnabas Bona wrote:
> Package: dovecot-solr
> Version: 1:2.2.27-3
> Severity: normal
> Tags: patch
>
> Hi,
>
> unfortunately in dovecot 2.2.27 there is a known bug (introduced with commit 
> f3b0efdcbd0bd9059574c8f86d6cb43e16c8e521)
> in the solr query construction code, which includes unescaped {} characters 
> in the query string. As this violates
> the RFC 3986, solr reject the query, making the whole FTS defunct.
>
> I think this bug should be considered as severe, as it renders the whole 
> package unusable.

Well, it doesn't render dovecot unusable, just dovecot-solr. Also the
bug has been there since 2.2.22 (with many users using the backports
version), only to be noticed and fixed upstream in 2.2.28.

Of course that doesn't mean we should not fix it, I just don't consider
it grave or serious. I'll prepare a stable update fixing this (and
probably more) for Stretch.

Thanks,
Apollon

Reply via email to