SUSE:SLE-12-SP2:GA
File dovecot22.changes of Package dovecot22.16060
-------------------------------------------------------------------
Wed Aug 12 08:29:49 UTC 2020 - Peter Varkoly <varkoly@suse.com>

- CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923)
  apply upstream patch:
    0001-auth-mech-rpa-Fail-on-zero-len-buffer.patch

-------------------------------------------------------------------
Sat Aug 8 06:39:37 UTC 2020 - Peter Varkoly <varkoly@suse.com>

- CVE-2020-12673: dovecot22,dovecot23: improper implementation of NTLM does not check message buffer size (bsc#1174922)
  applied upstream patch:
    0002-lib-ntlm-Check-buffer-length-on-responses.patch

-------------------------------------------------------------------
Thu Sep 19 18:49:21 UTC 2019 - Peter Varkoly <varkoly@suse.com>

- bsc#1145559 VUL-0: CVE-2019-11500: dovecot22, dovecot23: IMAP and ManageSieve protocol parsers do not properly handle NUL byte
  applied upstream patches:
    0001-lib-managesieve-Don-t-accept-strings-with-NULs.patch
    0002-lib-managesieve-Make-sure-str_unescape-won-t-be-writ.patch
    0001-lib-imap-Don-t-accept-strings-with-NULs.patch
    0002-lib-imap-Make-sure-str_unescape-won-t-be-writing-pas.patch

-------------------------------------------------------------------
Thu Mar 28 10:24:17 UTC 2019 - Peter Varkoly <varkoly@suse.com>

- bsc#1123022 (CVE-2019-3814) Vulnerability in Dovecot related to SSL client certificate authentication
  applied upstream patches:
    0001-login-common-Ensure-we-get-username-from-certificate.patch
    0002-auth-Fail-authentication-if-certificate-username-was.patch
    0003-auth-Do-not-import-empty-certificate-username.patch

-------------------------------------------------------------------
Wed Mar 27 13:52:35 UTC 2019 - Peter Varkoly <varkoly@suse.com>

- bsc#1130116 - (CVE-2019-7524) VUL-0: CVE-2019-7524: FTS or POP3-UIDL header from dovecot index overflow
  applied upstream patches:
    0001-lib-storage-Fix-buffer-overflow-when-reading-oversiz.patch
    0002-fts-Fix-buffer-overflow-when-reading-oversized-fts-h.patch

-------------------------------------------------------------------
Thu Feb 28 13:32:57 UTC 2019 - Peter Varkoly <varkoly@suse.com>

- managesieve-login: managesieve_client_input_next_cmd(): Fix handling of command continuation (bsc#1111789)
  added: managesieve-login-code-cleanup.patch

-------------------------------------------------------------------
Tue Aug 21 11:41:35 UTC 2018 - varkoly@suse.com

- bsc#1082828 - (CVE-2017-15130) VUL-0: CVE-2017-15130: dovecot22: TLS SNI config lookups are inefficient and can be used for DoS
  applied upstream patches. added:
    0001-lib-dns-Move-before-lib-master.patch
    0002-config-Add-config_filter_get_all.patch
    0003-config-Add-command-to-request-all-filters.patch
    0004-lib-master-Support-validating-config-filters-against.patch
    0005-login-common-Enable-config-filtering-by-local-name.patch
    0006-lib-master-Fix-dns_match_wildcard-result-value-check.patch

-------------------------------------------------------------------
Fri Apr 20 19:11:40 UTC 2018 - varkoly@suse.com

- bsc#1082826 VUL-0: CVE-2017-14461: dovecot22: rfc822_parse_domain Information Leak Vulnerability
  applied upstream patches. added:
    0001-lib-mail-rfc822-parser-Add-asserts-to-make-sure-pars.patch
    0002-lib-mail-test-message-address-Add-TEST_MESSAGE_ADDRE.patch
    0003-lib-mail-Fix-out-of-bounds-read-when-parsing-an-inva.patch
    0004-lib-mail-Make-sure-parsers-don-t-accidentally-go-muc.patch
    0005-lib-mail-Add-rfc822_parser_deinit.patch
    0006-lib-mail-Refactor-code-to-make-the-next-commit-small.patch
    0007-global-Call-rfc822_parser_deinit-wherever-possible.patch

-------------------------------------------------------------------
Fri Jan 12 11:57:23 UTC 2018 - varkoly@suse.com

- bsc#1075608 New: VUL-0: dovecot: auth client leaks memory if SASL authentication is aborted.
  added: dovecot-22-auth-client-leaks-memory-if-SASL-authentication-is-aborted.patch
  Fix VUL-0: CVE-2017-15132: dovecot: *EMBARGOED* auth client leaks memory if SASL authentication is aborted.

-------------------------------------------------------------------
Mon Jul 3 11:09:39 UTC 2017 - mrueckert@suse.de

- added de5d6bb50931ea243f582ace5a31abb11b619ffe.patch:
  Do not attempt to deinitialize backend if it's not set

-------------------------------------------------------------------
Mon Jul 3 10:45:21 UTC 2017 - mrueckert@suse.de

- Fix notify extension (https://www.dovecot.org/pipermail/dovecot/2017-June/108474.html)
  bcb321bc62117d30bc53a872ca1154c0100aeefd.patch
  8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch

-------------------------------------------------------------------
Tue Jun 27 10:51:08 UTC 2017 - mrueckert@suse.de

- update dovecot-2.2.31-dhparams_fips_mode.patch to also work with libressl

-------------------------------------------------------------------
Mon Jun 26 10:33:17 UTC 2017 - mrueckert@suse.de

- added dovecot-2.2.31-dhparams_fips_mode.patch (boo#1045662)
  - make sure we do not generate dhparams smaller than 2048 in fips mode

-------------------------------------------------------------------
Fri Jun 23 10:55:41 UTC 2017 - mrueckert@suse.de

- update to 2.2.31
  * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it.
  + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates.
  + dsync/imapc, pop3-migration plugin: Strip trailing whitespace from headers when matching mails. This helps with migrations from Zimbra.
  + acl: Add acl_globals_only setting to disable looking up per-mailbox dovecot-acl files.
  + Parse invalid message addresses better. This mainly affects the generated IMAP ENVELOPE replies.
  - v2.2.30 wasn't fixing corrupted dovecot.index.cache files properly. It could have deleted wrong mail's cache or assert-crashed.
  - v2.2.30 mail-crypt-acl plugin was assert-crashing
  - v2.2.30 welcome plugin wasn't working
  - Various fixes to handling mailbox listing.
    Especially related to handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
  - Global ACL file was parsed as if it was local ACL file. This caused some of the ACL rule interactions to not work exactly as intended.
  - auth: forward_* fields didn't work properly: Only the first forward field was working, and only if the first passdb lookup succeeded.
  - Using mail_sort_max_read_count sometimes caused "Broken sort-* indexes, resetting" errors.
  - Using mail_sort_max_read_count may have caused very high CPU usage.
  - Message address parsing could have crashed on invalid input.
  - imapc_features=fetch-headers wasn't always working correctly and caused the full header to be fetched.
  - imapc: Various bugfixes related to connection failure handling.
  - quota=imapc sent unnecessary FETCH RFC822.SIZE to server when expunging mails.
  - quota=count: quota_warning = -storage=.. was never executed
  - quota=count: Add support for "ns" parameter
  - dsync: Fix incremental syncing for mails that don't have Date or Message-ID headers.
  - imap: Fix hang when client sends pipelined SEARCH + EXPUNGE/CLOSE/LOGOUT.
  - oauth2: Token validation didn't accept empty server responses.
  - imap: NOTIFY command has been almost completely broken since the beginning. I guess nobody has been trying to use it.
- update pigeonhole to 0.4.19
  * This release adjusts Pigeonhole to several changes in the Dovecot API, making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole will produce compile warnings with the recent Dovecot releases (but still work ok).
  - Fixed bug in handling of implicit keep in some cases. Implicit side-effects, such as assigned flags, were not always applied correctly. This is in essence a very old bug, but it was exposed by recent changes.
  - include extension: Fixed segfault that (sometimes) occurred when the global script location was left unconfigured.
- drop 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch:
  included in pigeonhole 0.4.19
- refreshed patches to apply cleanly again:
  dovecot-2.2.18-better_ssl_defaults.patch
  dovecot-2.2.18-dont_use_etc_ssl_certs.patch

-------------------------------------------------------------------
Thu Jun 8 11:22:06 UTC 2017 - mrueckert@suse.de

- update to 2.2.30.2
  - auth: Multiple failed authentications within short time caused crashes
  - push-notification: OX driver crashed at deinit

-------------------------------------------------------------------
Thu Jun 1 10:26:32 UTC 2017 - mrueckert@suse.de

- update to 2.2.30.1 (boo# 1044110)
  - quota_warning scripts weren't working in v2.2.30
  - vpopmail still wasn't compiling
  * auth: Use timing safe comparisons for everything related to passwords. It's unlikely that these could have been used for practical attacks, especially because Dovecot delays and flushes all failed authentications in 2 second intervals. Also it could have worked only when passwords were stored in plaintext in the passdb.
  * master process sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately. This way restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time.
  + auth: Add passdb { mechanisms=none } to match separate passdb lookup
  + auth: Add passdb { username_filter } to use passdb only if user matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
  + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit the transaction after saving this many new messages. Because of the way dsync works, it may not always be possible if mails are copied or UIDs need to change.
  + imapc: Support imapc_features=search without ESEARCH extension.
  + imapc: Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE.
  + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server.
  + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
  + If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file.
  + doveadm mailbox status: Add "firstsaved" field.
  + director_flush_socket: Add old host's up/down and vhost count as parameters
  - More fixes to automatically fix corruption in dovecot.list.index
  - dsync-server: Fix support for dsync_features=empty-header-workaround
  - imapc: Various bugfixes, including infinite loops on some errors
  - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC.
  - fts-lucene: Fix it to work again with mbox format
  - Some internal error messages may have contained garbage in v2.2.29
  - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are used. Otherwise the copied mails can't be opened.
  - vpopmail: Fix compiling

-------------------------------------------------------------------
Fri Apr 28 10:05:58 UTC 2017 - mrueckert@suse.de

- added 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch:
  fix flags with implicit keeps in sieve rules

-------------------------------------------------------------------
Tue Apr 25 15:08:25 UTC 2017 - mrueckert@suse.de

- fix dovecot-2.2.18-better_ssl_defaults.patch:
  aNULLLL is not a valid token, use aNULL.

-------------------------------------------------------------------
Wed Apr 12 17:02:13 UTC 2017 - mrueckert@suse.de

- update to 2.2.29.1 (boo#1032248)
  - imapc reconnection fix was forgotten from 2.2.29 release, which also made "make check" fail in a unit test
  - dict-sql: Merging multiple UPDATEs to a single statement wasn't actually working.
  - Fixed building with vpopmail
  * passdb/userdb dict: Don't double-expand %variables in keys.
    If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS %(CVE-2017-2669)
  * When Dovecot encounters an internal error, it logs the real error and usually logs another line saying what function failed. Previously the second log line's error message was a rather uninformative "Internal error occurred. Refer to server log for more information." Now the real error message is duplicated in this second log line.
  * lmtp: If a delivery has multiple recipients, run autoexpunging only for the last recipient. This avoids a problem where a long autoexpunge run causes LMTP client to timeout between the DATA replies, resulting in duplicate mail deliveries.
  * config: Don't stop the process due to idling. Otherwise the configuration is reloaded when the process restarts.
  * mail_log plugin: Differentiate autoexpunges from regular expunges
  * imapc: Use LOGOUT to cleanly disconnect from server.
  * lib-http: Internal status codes (>9000) are no longer visible in logs
  * director: Log vhost count changes and HOST-UP/DOWN
  + quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved.
  + imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary.
  + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings.
  + imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs.
  + Added %{encrypt} and %{decrypt} variables
  + imap/pop3 proxy: Log proxy state in errors as human-readable string.
  + imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks.
  + imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying.
  + passdb imap: Use ssl_client_ca_* settings for CA validation.
  - fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28.
  - trash plugin was broken in 2.2.28
  - auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs.
  - auth: passdb { skip & mechanisms } were ignored for the first passdb
  - oauth2: Various fixes, including fixes to crashes
  - dsync: Large Sieve scripts (or other large metadata) weren't always synced.
  - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
  - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
  - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail).
  - ACLs weren't applied to not-yet-existing autocreated mailboxes.
  - Fixed a potential crash when parsing a broken message header.
  - cassandra: Fallback consistency settings weren't working correctly.
  - doveadm director status <user>: "Initial config" was always empty
  - imapc: Various reconnection fixes.
- update pigeonhole to 0.4.18
  + imapsieve plugin: Implemented the copy_source_after rule action. When this is enabled for a mailbox rule, the specified Sieve script is executed for the message in the source mailbox during a "COPY" event. This happens only after the Sieve script that is executed for the corresponding message in the destination mailbox finishes running successfully.
  + imapsieve plugin: Added non-standard Sieve environment items for the source and destination mailbox.
  - multiscript: The execution of the discard script had an implicit "keep", rather than an implicit "discard".
- refreshed dovecot-2.2.18-better_ssl_defaults.patch
- moved the libdovecot-ldap.so symlink to the devel package

-------------------------------------------------------------------
Mon Feb 27 12:41:47 UTC 2017 - mrueckert@suse.de

- dcrypt is only built with ECC enabled openssl. This seems to be missing on SLE 11. Guard against that now.

-------------------------------------------------------------------
Mon Feb 27 10:12:38 UTC 2017 - mrueckert@suse.de

- update pigeonhole to 0.4.17
  - LDA Sieve plugin: Fixed handling of an early explicit keep during multiscript execution. Action side-effects and the message snapshot would be lost at the final stage where the implicit keep is evaluated. This could result in the IMAP flags assigned to the message to be forgotten or that headers modified by the "editheader" extension would revert to their original state.
  - file script storage: Amended the up-to-date time stamp comparison for on-disk binaries to include nanoseconds. This will fix problems occurring when both binary and script are saved within the same second. This fix is ineffective on older systems that have no support for nanoseconds in stat() timestamps, which should be pretty rare nowadays.
  - file script storage: Improve saving and listing permission error to include more details.
  - imapsieve plugin: Make sure "INBOX" is upper case in static mailbox rules. Otherwise, the mailbox name would never match, since matching is performed case-sensitively and Dovecot only returns the upper-cased "INBOX".
  - imapsieve plugin: Fixed assert failure occurring when used with virtual mailboxes.
  - doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's string value.

-------------------------------------------------------------------
Fri Feb 24 14:08:41 UTC 2017 - mrueckert@suse.de

- update to 2.2.28
  * director: "doveadm director move" to same host now refreshes user's timeout.
    This allows keeping user constantly in the same backend by just periodically moving the user there.
  * When new mailbox is created, use initially INBOX's dovecot.index.cache caching decisions.
  * Expunging mails writes GUID to dovecot.index.log now only if the GUID is quickly available from index/cache.
  * pop3c: Increase timeout for PASS command to 5 minutes.
  * Mail access errors are no longer ignored when searching or sorting. With IMAP the untagged SEARCH/SORT reply is still sent the same as before, but NO reply is returned instead of OK.
  + Make dovecot.list.index's filename configurable. This is needed when there are multiple namespaces pointing to the same mail root (e.g. lazy_expunge namespace for mdbox).
  + Add size.virtual to dovecot.index when folder vsizes are accessed (e.g. quota=count). This is mainly a workaround to avoid slow quota recalculation performance when message sizes get lost from dovecot.index.cache due to corruption or some other reason.
  + auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them in lib-dsasl for client side.
  + auth: Support filtering by SASL mechanism: passdb { mechanisms }
  + Shrink the mail processes' memory usage by not storing settings duplicated unnecessarily many times.
  + imap: Add imap_fetch_failure setting to control what happens when FETCH fails for some mails (see example-config).
  + imap: Include info about last command in disconnection log line.
  + imap: Created new SEARCH=X-MIMEPART extension. It's currently not advertised by default, since it's not fully implemented.
  + fts-solr: Add support for basic authentication.
  + Cassandra: Support automatically retrying failed queries if execution_retry_interval and execution_retry_times are set.
  + doveadm: Added "mailbox path" command.
  + mail_log plugin: If plugin { mail_log_cached_only=yes }, log the wanted fields only if it doesn't require opening the email.
  + mail_vsize_bg_after_count setting added (see example-config).
  + mail_sort_max_read_count setting added (see example-config).
  + pop3c: Added pop3c_features=no-pipelining setting to prevent using PIPELINING extension even though it's advertised.
  - Index files: day_first_uid wasn't updated correctly since v2.2.26. This caused dovecot.index.cache to be non-optimal.
  - imap: SEARCH/SORT may have assert-crashed in client_check_command_hangs
  - imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes.
  - imap: Running time in tagged command reply was often wrongly 0.
  - search: Using NOT n:* or NOT UID n:* wasn't handled correctly
  - director: doveadm director kick was broken
  - director: Fix crash when using director_flush_socket
  - director: Fix some bugs when moving users between backends
  - imapc: Various error handling fixes and improvements
  - master: doveadm process status output had a lot of duplicates.
  - autoexpunge: If mailbox's rename timestamp is newer than mail's save-timestamp, use it instead. This is useful when autoexpunging e.g. Trash/* and an entire mailbox is deleted by renaming it under Trash to prevent it from being autoexpunged too early.
  - autoexpunge: Multiple processes may have been trying to expunge the same mails simultaneously. This was problematic especially with lazy_expunge plugin.
  - auth: %{passdb:*} was empty in auth-worker processes
  - auth-policy: hashed_password was always sent empty.
  - dict-sql: Merge multiple UPDATEs to a single statement if possible.
  - fts-solr: Escape {} chars when sending queries
  - fts: fts_autoindex_exclude = \Special-use caused crashes
  - doveadm-server: Fix leaks and other problems when process is reused for multiple requests (service_count != 1)
  - sdbox: Fix assert-crash on mailbox create race
  - lda/lmtp: deliver_log_format values weren't entirely correct if Sieve was used. especially %{storage_id} was broken.
  - lmtp_user_concurrency_limit didn't work if userdb changed username
- drop obsolete patches:
  dovecot-2.2.27-endian.patch
  79195413c349af7f9ce26871bf79c70af07ea7ce.patch

-------------------------------------------------------------------
Sun Feb 19 06:04:50 UTC 2017 - kukuk@suse.com

- Remove superfluous insserv PreReq.

-------------------------------------------------------------------
Wed Feb 15 11:02:40 UTC 2017 - mrueckert@suse.de

- added dovecot-2.2.27-endian.patch:
  fixes testsuite on s390(x)

-------------------------------------------------------------------
Mon Feb 6 11:41:17 UTC 2017 - mrueckert@suse.de

- added 79195413c349af7f9ce26871bf79c70af07ea7ce.patch:
  backport patch from git to fix crashes when using FTS plugins

-------------------------------------------------------------------
Tue Dec 6 00:06:58 UTC 2016 - mrueckert@suse.de

- update to 2.2.27
  * dovecot.list.index.log rotation sizes/times were changed so that the .log file stays smaller and .log.2 is deleted sooner.
  + Added mail_crypt plugin that allows encryption of stored emails. See http://wiki2.dovecot.org/Plugins/MailCrypt
  + stats: Global stats can be sent to Carbon server by setting stats_carbon_server=ip:port
  + imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT
  + Added generic hash modifier for %variables:
    %{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field}
    Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. Also "pkcs5" is supported using SHA256. For example: %{sha256:user} or %{md5;truncate=32:user}.
  + Added support for SHA3-256 and SHA3-512 hashes.
  + config: Support DNS wildcards in local_name, e.g. local_name *.example.com { .. } matches anything.example.com, but not multiple.anything.example.com.
  + config: Support multiple names in local_name, e.g. local_name "1.example.com 2.example.com" { .. }
  - Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set.
  - director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts.
  - Index files may have been thought incorrectly lost, causing "Missing middle file seq=.." to be logged and index rebuild. This happened more easily with IMAP hibernation enabled.
  - Various fixes to restoring state correctly in un-hibernation.
  - dovecot.index files were commonly 4 bytes per email too large. This is because 3 bytes per email were being wasted that could have been used for IMAP keywords.
  - Various fixes to handle dovecot.list.index corruption better.
  - lib-fts: Fixed assert-crash in address tokenizer with specific input.
  - Fixed assert-crash in HTML to text parsing with specific input (e.g. for FTS indexing or snippet generation)
  - doveadm sync -1: Fixed handling mailbox GUID conflicts.
  - sdbox, mdbox: Perform full index rebuild if corruption is detected inside lib-index, which runs index fsck.
  - quota: Don't skip quota checks when moving mails between different quota roots.
  - search: Multiple sequence sets or UID sets in search parameters weren't handled correctly. They were incorrectly merged together.
- refreshed patches to apply cleanly again
  dovecot-2.2.18-better_ssl_defaults.patch
  dovecot-2.2.18-dont_use_etc_ssl_certs.patch
- drop dovecot-2.2.25-umask_for_mkcert.patch, included upstream

-------------------------------------------------------------------
Fri Nov 11 16:29:51 UTC 2016 - mrueckert@suse.de

- update to 2.2.26.0
  - Fixed some compiling issues.
  - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and multiple passdbs.
  - auth: Fixed crash when exporting to auth-worker passdb extra fields that had empty values.
  - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
  * master: Removed hardcoded 511 backlog limit for listen(). The kernel should limit this as needed.
  * doveadm import: Source user is now initialized the same as target user. Added -U parameter to override the source user.
  * Mailbox names are no longer limited to 16 hierarchy levels. We'll check another way to make sure mailbox names can't grow larger than 4096 bytes.
  + Added a concept of "alternative usernames" by returning user_* extra field(s) in passdb. doveadm proxy list shows these alt usernames in "doveadm proxy list" output. "doveadm director&proxy kick" adds -f <passdb field> parameter. The alt usernames don't have to be unique, so this allows creation of user groups and kicking them in one command.
  + auth: passdb/userdb dict allows now %variables in key settings.
  + auth: If passdb returns noauthenticate=yes extra field, assume that it only set extra fields and authentication wasn't actually performed.
  + auth: passdb static now supports password={scheme} prefix.
  + auth, login_log_format_elements: Added %{local_name} variable, which expands to TLS SNI hostname if given.
  + imapc: Added imapc_max_line_length to limit maximum memory usage.
  + imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic logs. This replaces at least partially the rawlog plugin.
  + dsync: Added dsync_features=empty-header-workaround setting. This makes incremental dsyncs work better for servers that randomly return empty headers for mails. When an empty header is seen for an existing mail, dsync assumes that it matches the local mail.
  + doveadm sync/backup: Added -I <max size> parameter to skip too large mails.
  + doveadm sync/backup: Fixed -t parameter and added -e for "end date".
  + doveadm mailbox metadata: Added -s parameter to allow accessing server metadata by using empty mailbox name.
  + Added "doveadm service status" and "doveadm process status" commands.
  + director: Added director_flush_socket. See http://wiki2.dovecot.org/Director#Flush_socket
  + doveadm director flush: Users are now moved only max 100 at a time to avoid load spikes. --max-parallel parameter overrides this.
  + Added FILE_LOCK_SLOW_WARNING_MSECS environment, which logs a warning if any lock is waited on or kept for this many milliseconds.
  - master process's listener socket was leaked to all child processes. This might have allowed untrusted processes to capture and prevent "doveadm service stop" commands from working.
  - login proxy: Fixed crash when outgoing SSL connections were hanging.
  - auth: userdb fields weren't passed to auth-workers, so %{userdb:*} from previous userdbs didn't work there.
  - auth: Each userdb lookup from cache reset its TTL.
  - auth: Fixed auth_bind=yes + sasl_bind=yes to work together
  - auth: Blocking userdb lookups reset extra fields set by previous userdbs.
  - auth: Cache keys didn't include %{passdb:*} and %{userdb:*}
  - auth-policy: Fixed crash due to using already-freed memory if policy lookup takes longer than auth request exists.
  - lib-auth: Unescape passdb/userdb extra fields. Mainly affected returning extra fields with LFs or TABs.
  - lmtp_user_concurrency_limit>0 setting was logging unnecessary anvil errors.
  - lmtp_user_concurrency_limit is now checked before quota check with lmtp_rcpt_check_quota=yes to avoid unnecessary quota work.
  - lmtp: %{userdb:*} variables didn't work in mail_log_prefix
  - autoexpunge settings for mailboxes with wildcards didn't work when namespace prefix was non-empty.
  - Fixed writing >2GB to iostream-temp files (used by fs-compress, fs-metawrap, doveadm-http)
  - director: Ignore duplicates in director_servers setting.
  - director: Many fixes related to connection handshaking, user moving and error handling.
  - director: Don't break with shutdown_clients=no
  - zlib, IMAP BINARY: Fixed internal caching when accessing multiple newly created mails. They all had UID=0 and the next mail could have wrongly used the previously cached mail.
  - doveadm stats reset wasn't resetting all the stats.
  - auth_stats=yes: Don't update num_logins, since it doubles them when using with mail stats.
  - quota count: Fixed deadlocks when updating vsize header.
  - dict-quota: Fixed crashes happening due to memory corruption.
  - dict proxy: Fixed various timeout-related bugs.
  - doveadm proxying: Fixed -A and -u wildcard handling.
  - doveadm proxying: Fixed hangs and bugs related to printing.
  - imap: Fixed wrongly triggering assert-crash in client_check_command_hangs.
  - imap proxy: Don't send ID command pipelined with nopipelining=yes
  - imap-hibernate: Don't execute quota_over_script or last_login after un-hibernation.
  - imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in one IP packet.
  - imap-hibernate: Fixed various failures when un-hibernating.
  - fts: fts_autoindex=yes was broken in 2.2.25 unless fts_autoindex_exclude settings existed.
  - fts-solr: Fixed searching multiple mailboxes (patch by x16a0)
  - doveadm fetch body.snippet wasn't working in 2.2.25. Also fixed a crash with certain emails.
  - pop3-migration + dbox: Various fixes related to POP3 UIDL optimization in 2.2.25.
  - pop3-migration: Fixed "truncated email header" workaround.
- update pigeonhole to 0.4.15
  * Part of the Sieve extprograms implementation was moved to Dovecot, which means that this release depends on Dovecot v2.2.26+.
  * ManageSieve: The PUTSCRIPT command now allows uploading empty Sieve scripts. There was really no good reason to disallow doing that.
  + Sieve vnd.dovecot.report extension:
    + Added a Dovecot-Reporting-User field to the report body, which contains the e-mail address of the user sending the report.
    + Added support for configuring the "From:" address used in the report.
  + LDA sieve plugin: Implemented support for a "discard script" that is run when the message is going to be discarded. This allows doing something other than throwing the message away for good.
  + Sieve vnd.dovecot.environment extension: Added vnd.dovecot.config.* environment items. These environment items map to sieve_env_* settings from the plugin {} section in the configuration.
    Such values can of course also be returned from userdb.
  + Sieve vacation extension: Use the Microsoft X-Auto-Response-Suppress header to prevent unwanted responses from and to (older) Microsoft products.
  + ManageSieve: Added rawlog_dir setting to store ManageSieve traffic logs. This replaces at least partially the rawlog plugin (mimics similar IMAP/POP3 change).
  - doveadm sieve plugin: synchronization: Prevent setting file timestamps to unix epoch time. This occurred when Dovecot passed the timestamp as 'unknown' during synchronization.
  - Sieve exprograms plugin: Fixed spurious '+' sometimes returned at the end of socket-based program output.
  - imapsieve plugin: Fixed crash occurring in specific situations.
  - Performed various fixes based on static analysis and Clang warnings.
- drop obsolete patches:
  0001-auth-Introduce-db_ldap_bind_sasl-function.patch
  0002-auth-Fix-default-SASL-bind-for-LDAP.patch

-------------------------------------------------------------------
Fri Nov 11 14:18:12 UTC 2016 - mrueckert@suse.de

- added dovecot-2.2.25-umask_for_mkcert.patch:
  CVE-2016-4983 (bnc #984639)

-------------------------------------------------------------------
Mon Oct 10 17:23:33 UTC 2016 - matwey.kornilov@gmail.com

- Add 0001-auth-Introduce-db_ldap_bind_sasl-function.patch
  0002-auth-Fix-default-SASL-bind-for-LDAP.patch:
  Fix LDAP based authentication for some setups (boo #1003952)

-------------------------------------------------------------------
Fri Jul 8 10:42:28 UTC 2016 - mrueckert@suse.de

- update pigeonhole to 0.4.15
  * vacation extension: The sieve_user_email setting is now used in the check for implicit delivery.
  - imapsieve plugin: For any mail transaction, the mailbox was opened a second time, even if no mailbox rule matched. This was unintentional, useless and caused problems when the imapsieve plugin was used with other plugins like acl.
  - extprograms plugin: Significantly improved error handling. No stream errors were logged.
  - extprograms plugin: Fixed bug in handling of result code from remote
    program (script service).
  - extprograms plugin: Connection to remote program service was not
    retried.
  - Several small fixes based on static analysis.
  - Fixed handling of quoted string localparts in email addresses.

-------------------------------------------------------------------
Mon Jul 4 16:06:44 UTC 2016 - mrueckert@suse.de

- update to 2.2.25
  * lmtp: Start tracking lmtp_user_concurrency_limit and reject already
    at RCPT TO stage. This avoids MTA unnecessarily completing DATA only
    to get an error.
  * doveadm: Previously only mail settings were read from
    protocol doveadm { .. } section. Now all settings are.
  + quota: Added quota_over_flag_lazy_check setting. It avoids checking
    quota_over_flag always at startup. Instead it's checked only when
    quota is being read for some other purpose.
  + auth: Added a new auth policy service:
    http://wiki2.dovecot.org/Authentication/Policy
  + auth: Added PBKDF2 password scheme
  + auth: Added %{auth_user}, %{auth_username} and %{auth_domain}
  + auth: Added ":remove" suffix to extra field names to remove them.
  + auth: Added "delay_until=<timestamp>[+<max random secs>]" passdb
    extra field. The auth will wait until <timestamp> and optionally
    some randomness and then return success.
  + dict proxy: Added idle_msecs=<n> parameter. Support async
    operations.
  + Performance improvements for handling large mailboxes.
  + Added lib-dcrypt API for providing cryptographic functions.
  + Added "doveadm mailbox update" command
  + imap commands' output now includes timing spent on the "syncing"
    stage if it's larger than 0.
  + cassandra: Added metrics=<path> to connect setting to output
    internal statistics in JSON format every second to <path>.
  + doveadm mailbox delete: Added -e parameter to delete only empty
    mailboxes. Added --unsafe option to quickly delete a mailbox,
    bypassing lazy_expunge and quota plugins.
  + doveadm user & auth cache flush are now available via
    doveadm-server.
  + doveadm service stop <services> will stop specified services while
    leaving the rest of Dovecot running.
  + quota optimization: Avoid reading mail sizes for backends which
    don't need them (count, fs, dirsize)
  + Added mailbox { autoexpunge_max_mails=<n> } setting.
  + Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome
  + fts: Added fts_autoindex_exclude setting.
  - v2.2.24's MIME parser was assert-crashing on mails having truncated
    MIME headers.
  - auth: With multiple userdbs the final success/failure result wasn't
    always correct. The last userdb's result was always used.
  - doveadm backup was sometimes deleting entire mailboxes
    unnecessarily.
  - doveadm: Command -parameters weren't being sent to doveadm-server.
  - If dovecot.index read failed e.g. because mmap() reached VSZ limit,
    an empty index could have been opened instead, corrupting the
    mailbox state.
  - imapc: Fixed EXPUNGE handling when imapc_features didn't have
    modseq.
  - lazy-expunge: Fixed a crash when copying failed. Various other
    fixes.
  - fts-lucene: Fixed crash on index rescan.
  - auth_stats=yes produced broken output
  - dict-ldap: Various fixes
  - dict-sql: NULL values crashed. Now they're treated as "not found".
- update pigeonhole 0.4.15.rc1
  - imapsieve plugin: For any mail transaction, the mailbox was opened a
    second time, even if no mailbox rule matched. This was
    unintentional, useless and caused problems when the imapsieve plugin
    was used with other plugins like acl.
  - extprograms plugin: Significantly improved error handling. No stream
    errors were logged.
  - Several small fixes based on static analysis.
- drop patch dovecot-2.2.24-lucene-crashfix.patch

-------------------------------------------------------------------
Mon Jun 27 12:12:14 UTC 2016 - wr@rosenauer.org

- fixed crash in fts-lucene
  dovecot-2.2.24-lucene-crashfix.patch
  https://github.com/dovecot/core/commit/0f801c1bd3d684c219d7f3b1e75f8b85f66f7951

-------------------------------------------------------------------
Tue Apr 26 22:56:03 UTC 2016 - mrueckert@suse.de

- update pigeonhole 0.4.14
  * The address test now allows specifying the X-Original-To header.
  + Implemented the Sieve imapsieve extension and its IMAP counterpart
    (RFC 6785) as a set of plugins. This allows running Sieve scripts at
    IMAP activity, rather than at delivery. There are also facilities
    for the familiar sieve_before/sieve_after administrator scripts. A
    user script is defined for a mailbox using an IMAP METADATA entry,
    whereas administrator scripts are configured using mailbox matching
    rules defined in the plugin settings.
  + Adjusted the Sieve ihave extension to allow capability tests to be
    performed at runtime. This way, scripts can be written that work
    both at delivery and from IMAP.
  + Implemented support for runtime trace debugging. This means that
    detailed information about which commands, actions and tests are
    performed is written to a file. That file is created in the
    configured directory, but only if that directory exists. This way, a
    particular user can be easily singled out for debugging. This works
    much like the Dovecot rawlog facility. The trace output is identical
    to what is produced using sieve-test with its "-t" command line
    option.
  + Added a "sieve_user_email" setting that configures the user's
    primary email address. This is mainly useful to have a user email
    address available in IMAP, where envelope data is unavailable.
  + Implemented the dovecot-specific "vnd.dovecot.report" extension.
    This allows sending report messages in the Message Abuse Reporting
    Format (RFC 5965).
  - extprograms plugin: Fixed epoll() panic caused by closing the output
    FD before the output stream.
  - Made sure that the local part of a mail address is encoded properly
    using quoted string syntax when it is not a dot-atom.

-------------------------------------------------------------------
Tue Apr 26 15:39:33 UTC 2016 - mrueckert@suse.de

- update to 2.2.24
  * doveconf now warns if it sees a global setting being changed when
    the same setting was already set inside some filters. (A common
    mistake has been adding more plugins to a global mail_plugins
    setting after it was already set inside protocol { .. }, which
    caused the global setting to be ignored for that protocol.)
  * LMTP proxy: Increased default timeout 30s -> 125s. This makes it
    less likely to reach the timeout and cause duplicate deliveries.
  * LMTP and indexer now append ":suffix" to session IDs to make it
    unique for the specific user's delivery. (Fixes duplicate session ID
    warnings in stats process.)
  + Added dict-ldap for performing read-only LDAP dict lookups.
  + lazy-expunge: All mails can be saved to a single specified mailbox.
  + mailbox { autoexpunge } supports now wildcards in mailbox names.
  + doveadm HTTP API: Added support for proxy commands
  + imapc: Reconnect when getting disconnected in non-selected state.
  + imapc: Added imapc_features=modseq to access MODSEQs/HIGHESTMODSEQ.
    This is especially useful for incremental dsync.
  + doveadm auth/user: Auth lookup performs debug logging if
    -o auth_debug=yes is given to doveadm.
  + Added passdb/userdb { auth_verbose=yes|no } setting.
  + Cassandra: Added user, password, num_threads, connect_timeout and
    request_timeout settings.
  + doveadm user -e <value>: Print <value> with %variables expanded.
  - Huge header lines could have caused Dovecot to use too much memory
    (depending on config and used IMAP commands). (Typically this would
    result in only the single user's process dying with out of memory
    due to reaching service { vsz_limit } - not a global DoS).
  - dsync: Detect and handle invalid/stale -s state string better.
  - dsync: Fixed crash caused by specific mailbox renames
  - auth: Auth cache is now disabled for passwd-file. It was unnecessary
    and it broke %variables in extra fields.
  - fts-tika: Don't crash if it returns 500 error
  - dict-redis: Fixed timeout handling
  - SEARCH INTHREAD was crashing
  - stats: Only a single fifo_listeners was supported, making it
    impossible to use both auth_stats=yes and mail stats plugin.
  - SSL errors were logged in separate "Stacked error" log lines instead
    of as part of the disconnection reason.
  - MIME body parser didn't handle properly when a child MIME part's
    --boundary had the same prefix as the parent.

-------------------------------------------------------------------
Sat Apr 9 17:08:36 UTC 2016 - michael@stroeder.com

- update to 2.2.23
  * Various fixes to doveadm. Especially running commands via
    doveadm-server was broken.
  * director: Fixed user weakness getting stuck in some situations
  * director: Fixed a situation where directors keep re-sending
    different states to each other and never becoming synced.
  * director: Fixed assert-crash related to a slow "user killed" reply
  * Fixed assert-crash related to istream-concat, which could have been
    triggered at least by a Sieve script.

-------------------------------------------------------------------
Fri Mar 18 00:36:45 UTC 2016 - mrueckert@suse.de

- update pigeonhole to 0.4.13
  * redirect action: Added the list-id header to the duplicate ID for
    mail loop prevention. This means that the message sent directly to
    the user and the message coming through the mailing list itself are
    treated as different messages by the loop detection of the redirect
    command, even though their Message-ID may be identical.
  * Changed the Sieve number type to uint64_t, which means that Sieve
    numbers can now technically range up to 2^64. Some other Sieve
    implementation allowed this, making this change necessary for
    successful migration.
  + Implemented the sieve_implicit_extensions setting. The extensions
    listed in this setting do not need to be enabled explicitly using
    the Sieve "require" command. This behavior directly violates the
    standard, but can be necessary for compatibility with some existing
    implementations of Sieve. Do not use this setting unless you really
    need to!
  - redirect action: Made mail loop detection more robust by forcibly
    adding a Message-ID header if it is missing.
  - Prevent logging a useless "script not found" error message for LDAP
    scripts for which the entry exists but no attribute containing a
    script. This is not necessarily an error.
  - extprograms plugin: Changed the communication channel between parent
    and child process for a directly forked program from a socketpair to
    a double pipe. Linux does not support /dev/stdin, /dev/stdout and
    friends for sockets. For some shell program authors this may be
    confusing, so that is why it is changed. When using the script
    service, these device nodes are still not usable though.

-------------------------------------------------------------------
Wed Mar 16 17:35:32 UTC 2016 - mrueckert@suse.de

- update to 2.2.22
  + Added doveadm HTTP API: See
    http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP
  + virtual plugin: Mailbox filtering can now be done based on the
    mailbox metadata. See http://wiki2.dovecot.org/Plugins/Virtual
  + stats: Added doveadm stats reset to reset global stats.
  + stats: Added authentication statistics if auth_stats=yes.
  + dsync, imapc, pop3c & pop3-migration: Many optimizations,
    improvements and error handling fixes.
  + doveadm: Most commands now stop soon after SIGINT/SIGTERM.
  - auth: Auth caching was done too aggressively when %variables were
    used in default_fields, override_fields or LDAP pass/user_attrs.
    userdb result_* were also ignored when user was found from cache.
  - imap: Fixed various assert-crashes caused by v2.2.20+. Some of them
    caught actual hangs or otherwise unwanted behavior towards IMAP
    clients.
  - Expunges were forgotten in some situations, for example when
    pipelining multiple IMAP MOVE commands.
  - quota: Per-namespaces quota were broken for dict and count backends
    in v2.2.20+
  - fts-solr: Search queries were using OR instead of AND as the
    separator for multi-token search queries in v2.2.20+.
  - Single instance storage support wasn't really working in v2.2.16+
  - dbox: POP3 message ordering wasn't working correctly.
  - virtual plugin: Fixed crashes related to backend mailbox deletions.
- update pigeonhole to 0.4.13.rc1
  * redirect action: Added the list-id header to the duplicate ID for
    mail loop prevention. This means that the message sent directly to
    the user and the message coming through the mailing list itself are
    treated as different messages by the loop detection of the redirect
    command, even though their Message-ID may be identical.
  * Changed the Sieve number type to uint64_t, which means that Sieve
    numbers can now technically range up to 2^64. Some other Sieve
    implementation allowed this, making this change necessary for
    successful migration.
  + Implemented the sieve_implicit_extensions setting. The extensions
    listed in this setting do not need to be enabled explicitly using
    the Sieve "require" command. This behavior directly violates the
    standard, but can be necessary for compatibility with some existing
    implementations of Sieve. Do not use this setting unless you really
    need to!
  - redirect action: Made mail loop detection more robust by forcibly
    adding a Message-ID header if it is missing.
  - Prevent logging a useless "script not found" error message for LDAP
    scripts for which the entry exists but no attribute containing a
    script. This is not necessarily an error.
  - extprograms plugin: Changed the communication channel between parent
    and child process for a directly forked program from a socketpair to
    a double pipe. Linux does not support /dev/stdin, /dev/stdout and
    friends for sockets.
    For some shell program authors this may be confusing, so that is why
    it is changed. When using the script service, these device nodes are
    still not usable though.
- drop patches included in version update:
  3a719a01a1790df053854d5245ace5ab6d0c3d13.patch
  6971937a6f3e93844dbd43bdbe903628e21a9422.patch

-------------------------------------------------------------------
Sun Feb 7 01:49:35 UTC 2016 - mrueckert@suse.de

- update pigeonhole to 0.4.12
  + Implemented the Sieve extracttext extension (RFC 5703; Section 7).
    It is now possible to extract body text from a message into a
    variable.
  * Increased ABI version due to changes in the Sieve interpreter's
    object definitions.
  - multiscript: Fixed bug in handling of (implicit) keep; final keep
    action was always executed as though there was a failure. This
    caused the keep action to revert back to the initial message,
    causing editheader actions to be ignored.
  - managesieve-login: Fixed proxy to allow SASL mechanisms other than
    PLAIN. Before, the proxy would fail if the server did not support
    the PLAIN mechanism.
  - ldap storage: Prevent segfault occurring when assigning certain
    (global) configuration options.

-------------------------------------------------------------------
Fri Jan 8 23:01:00 UTC 2016 - mrueckert@suse.de

- update pigeonhole to 0.4.11
  no noticeable changes compared to rc1

-------------------------------------------------------------------
Mon Jan 4 08:33:16 UTC 2016 - mrueckert@suse.de

- update pigeonhole to 0.4.11.rc1
  - Sieve mime extension: Fixed the header :mime :anychild test to work
    properly outside a foreverypart loop.
  - Several fixes in message body part handling:
    - Fixed assert failure occurring when text extraction is attempted
      on an empty or broken text part.
    - Fixed assert failure in handling of body parts that are converted
      to text.
    - Fixed header unfolding for (mime) headers parsed from any mime
      part.
    - Fixed trimming for (mime) headers parsed from any mime part.
    - Fixed erroneous changes to the message part tree structure
      performed when re-parsing the message.
  - LDA Sieve plugin: Fixed logging of actions; sometimes the configured
    log format was not followed.
  - LDA Sieve plugin: Fixed bug in error handling of script storage
    initialization.
  - Sieve Extprograms plugin: Ignored ENOTCONN error in
    shutdown(fd, SHUT_WR) call.
  - Fixed duplication of discard actions in the script result. Each
    discard was counted as a separate action, which means that action
    limit would be crossed too early.
  - Made sure that quota errors never get logged as errors in syslog.
  - Fixed handling of implicit keep for a partially executed transaction
    that yielded a temporary failure.
  - Fixed handling of global errors. If master and user error handler
    were identical, in some cases the log message could be lost.
  - Fixed AIX compile issue in message body parser.

-------------------------------------------------------------------
Mon Dec 14 02:33:36 UTC 2015 - mrueckert@suse.de

- move stopword files from the lucene package to the main FTS package

-------------------------------------------------------------------
Mon Dec 14 02:09:18 UTC 2015 - mrueckert@suse.de

- update pigeonhole to 0.4.10
  - Renamed pigeonhole.m4 to dovecot-pigeonhole.m4

-------------------------------------------------------------------
Mon Dec 14 02:00:13 UTC 2015 - mrueckert@suse.de

- pulled 2 patches from upstream:
  3a719a01a1790df053854d5245ace5ab6d0c3d13.patch
  6971937a6f3e93844dbd43bdbe903628e21a9422.patch

-------------------------------------------------------------------
Sat Dec 12 04:32:51 UTC 2015 - mrueckert@suse.de

- for more consistent build behavior enable clucene support only on
  distros newer than SLE 11

-------------------------------------------------------------------
Sat Dec 12 02:26:51 UTC 2015 - mrueckert@suse.de

- update to 2.2.21
  - doveadm mailbox list (and some others) were broken in v2.2.20
  - director: Fixed making backend changes when running with only a single
    director server.
  - virtual plugin: Fixed crash when trying to open nonexistent
    autocreated backend mailbox.

-------------------------------------------------------------------
Tue Dec 8 11:04:53 UTC 2015 - mrueckert@suse.de

- update to 2.2.20
  + Added mailbox { autoexpunge=<time> } setting. See
    http://wiki2.dovecot.org/MailboxSettings for details.
  + ssl_options: Added support for no_ticket
  + imap/pop3/managesieve-login: Added postlogin_socket=path passdb
    extra field. This allows replacing the default service
    imap/pop3/managesieve {} settings for specific users (e.g. running
    their imap process via valgrind or strace).
  + doveadm fetch: Added date.sent/received/saved.unixtime
  + fs-posix: Added mode=auto parameter to set the created files' and
    directories' mode based on the parent dir if it has setgid-bit.
  + director: Support backends having hostnames, which makes it possible
    to verify their SSL certificates.
  - director: Directors' state became desynchronized if doveadm director
    commands were used to modify the same backend in multiple directors
    at the same time with conflicting changes. This fix includes some
    extra checks, which makes sure that if such a conflict still happens
    it's automatically fixed. In some situations such an automatic fix
    may now be unnecessarily triggered and an error logged.
  - director: Backend tags weren't working correctly.
  - ldap: tls_* settings weren't used for ldaps URIs.
  - ldap, mysql: Fixed setting connect timeout.
  - auth: userdb lookups via auth-worker couldn't change username
  - dsync: Fixed handling deleted directories. Make sure we don't go to
    infinite mailbox renaming loop.
  - imap: Fixed crash in NOTIFY when there were watched namespaces that
    didn't support NOTIFY.
  - imap: After SETMETADATA was used, various commands (especially
    FETCH) could have started hanging when their output was large.
  - stats: Idle sessions weren't refreshed often enough, causing stats
    process to forget them and log errors about unknown sessions when
    they were updated later.
  - stats: Fixed "Duplicate session ID" errors when LMTP delivered to
    multiple recipients and fts_autoindex=yes.
  - zlib plugin: Fixed copying causing cache corruption when zlib_save
    wasn't set, but the source message was compressed.
  - fts-solr: Fixed escaping Solr query parameters.
  - lmtp: quota_full_tempfail=yes was ignored with
    lmtp_rcpt_check_quota=yes
- update pigeonhole to 0.4.10.rc2
  + Implemented the Sieve mime and foreverypart extensions (RFC 5703).
    These are fully implemented. The interaction with the editheader
    extension needs some work, but this should not influence most uses;
    i.e., changes by the editheader extension are not always visible
    using foreverypart/mime.
  + Sieve body extension: Properly implemented the `:text' body
    transform. It now extracts text for HTML message parts.
  + Sieve enotify extension: mailto method: Implemented the
    sieve_notify_mailto_envelope_from setting. This allows configuring
    the source of the notification sender address for e-mail
    notifications. This is similar to what already can be configured for
    redirect.
  + Added a sieve_enabled (defaults to 'yes') setting that allows
    explicitly disabling Sieve processing for particular users. This
    used to be possible by setting `sieve=', but ever since the
    sieve_before, sieve_after and sieve_default settings were added,
    this method was not reliable anymore.
  - variables extension: Fixed handling of empty string by the `:length'
    set modifier. An empty string yielded an empty string rather than
    "0".
  - Fixed memory leak in the Sieve script byte code dumping facility.
    Extension contexts were never actually freed.
  - Fixed handling of implicit keep when the last Sieve script is a
    global one.
    In that case the implicit keep action was executed in global
    context, which could mean that trivial (quota) errors ended up in
    the system log file, rather than the user log file.
  - doveadm sieve plugin: Fixed crashes caused by incorrect context
    allocation in the sieve command implementations.

-------------------------------------------------------------------
Sun Oct 4 21:49:19 UTC 2015 - mrueckert@suse.de

- update to dovecot 2.2.19
  * pop3_deleted_flag has been broken since v2.2.10. Using it would
    cause buffer overflows, which could be exploitable. However, this
    bug would have become visible quite soon after users had deleted
    some POP3 mails, because the pop3 processes would have started
    crashing all the time even in normal use.
  * "doveadm director flush" command has a changed meaning now: It
    safely moves users to their wanted backends, instead of simply
    forgetting the mapping entirely and leaving the existing connections
    untouched. Use -F parameter to get the original unsafe behavior.
  + Added imap-hibernate processes (see imap_hibernate_timeout setting).
    IDLEing IMAP connections can be hibernated, which saves memory.
  + Optimized tracking mailboxes' vsizes (= sum of all messages' sizes).
    If mailbox_list_index=yes, it's also stored in there. This makes it
    very efficient to look up vsizes for all mailboxes.
  + Added a quota "count" backend, which uses the mailbox vsizes to get
    the current quota usage. It requires using the new quota_vsizes=yes
    setting, which tracks the messages' "virtual sizes" rather than
    "physical sizes". Their distinction is minor and mostly irrelevant
    nowadays (if mail sizes should be counted with LF or CRLF newlines).
  + "doveadm director up/down" commands added. The monitoring script
    should be using these commands instead of changing the vhost count.
    This allows admin to manually disable a server by changing the vhost
    count to 0 without the monitoring script changing it back.
  + Added support for HAProxy protocol: http://wiki2.dovecot.org/HAProxy
  + Added push-notification plugin framework, which can be used to
    easily implement push notifications to various backends. Implemented
    "ox" backend for notifying Open-Xchange via HTTP/json.
  + imap_logout_format supports more variables now, e.g. number of
    deleted messages.
  + pop3: Added pop3_delete_type setting (related to pop3_deleted_flag).
  + plugin { fts_enforced=yes } setting now fails body searches unless
    it can be done via the full text search engine.
  + Added %{passdb:*} and %{userdb:*} variables to various places
  + auth: Added ":protected" suffix for passdb and userdb fields. If
    used, the field doesn't overwrite an existing field.
  + IMAP/POP3 proxy: If a backend server dies, avoid client reconnection
    spikes by slowly disconnecting clients over time. This is enabled by
    setting login_proxy_max_disconnect_delay=secs passdb extra field.
  + imap: Added new read-only METADATA entries: /private/specialuse,
    /shared/comment, /shared/admin
  + imap: If client disconnects in the middle of a command, log how long
    the command had been running.
  - mdbox: Rebuilding could have caused message's reference count to
    overflow the 16bit number in some situations, causing problems when
    trying to expunge the duplicates.
  - Various search fixes (fts, solr, tika, lib-charset, indexer)
  - Various virtual plugin fixes
  - Various fixes and optimizations to dsync, imapc and pop3-migration
  - imap: Various RFC compliancy and crash fixes to NOTIFY
- update to pigeonhole 0.4.9
  * Properly implemented checking of ABI version for Sieve interpreter
    plugins, much like Dovecot itself does for plugins. This will
    prevent plugin ABI mismatches.
  + Implemented a vnd.dovecot.environment extension. This builds upon
    the standard environment extension and adds a few more environment
    items, such as username and default mailbox. It also creates a
    variables namespace so that environment items can be accessed
    directly.
    I am still thinking about more environment items that can be added.
  + Sieve extprograms plugin: Made line endings of the input passed to
    the external programs configurable. This can be configured
    separately for each of the three extensions.
  + ManageSieve: Implemented proxy XCLIENT support. This allows the
    proxy to pass client information to the back-end.
  - ManageSieve: Fixed an assert failure occurring when a client
    disconnects during the GETSCRIPT command.
  - doveadm sieve plugin: Fixed incorrect initialization of mail user.
    This caused a few memory leaks.
  - sieve-filter command line tool: Fixed handling of failure-related
    implicit keep when there is an explicit default destination folder.
    This caused message duplication.
  - lib-sieve: Fixed bug in RFC5322 header folding. Words longer than
    the optimal line length caused empty lines in the output, which
    would break the resulting message header. This surfaced in
    References: headers with very long message IDs.

-------------------------------------------------------------------
Mon Jun 15 15:14:57 UTC 2015 - mrueckert@suse.de

- added dovecot-2.2.18-better_ssl_defaults.patch: (boo #854512)
  - set the default cipher suite to:
    ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
  - disable not just SSLv2 by default but also SSLv3
  - set default dh params length to 2048
  - prefer server side cipher order
  - disable compression
- dropped all config changing via sed and folded them into this patch

  Upgrade note: if you want to benefit from those changes you have to
  merge your /etc/dovecot/conf.d/10-ssl.conf with
  /usr/share/doc/packages/dovecot/example-config/conf.d/10-ssl.conf

-------------------------------------------------------------------
Mon Jun 15 11:22:01 UTC 2015 - mrueckert@suse.de

- added dovecot-2.2.18-dont_use_etc_ssl_certs.patch:
  Remove all references to /etc/ssl/certs/. It should not be used
  anymore. (boo #932386)
  Please make sure you read README.SUSE after installing this update.

-------------------------------------------------------------------
Mon May 18 15:41:46 UTC 2015 - mrueckert@suse.de

- disable textcat support again it leads to unresolvable symbols
  which look related to libstemmer

-------------------------------------------------------------------
Fri May 15 18:58:04 UTC 2015 - mrueckert@suse.de

- update to pigeonhole 0.4.8
  + LDA Sieve plugin: Dovecot changed the deliver_log_format setting to
    include %{delivery_time}. This prompted changes in Pigeonhole that
    make this release dependent on Dovecot v2.2.17.
  + Implemented magic to make sieve_default script visible from
    ManageSieve under a configurable name. This way, users can see the
    default rules, edit them and store a private adjusted version. This
    could also be achieved by copying the default script into the user's
    script storage, but updates to the global sieve_default script would
    be ignored that way.
  + ManageSieve: Implemented support for reporting command statistics at
    disconnect. Statistics include the number of bytes and scripts
    uploaded/downloaded/checked and the number of scripts
    deleted/renamed.
  - Fixed problem in address test: erroneously decoded mime-encoded
    words in address headers.
  - extprograms plugin: Fixed failure occurring when connecting to
    script service without the need to read back the output from the
    external program.
  - Fixed bug in script storage path normalization occurring with
    relative symbolic links below root.
  - Fixed and updated various parts of the documentation
  - ManageSieve: Used "managesieve" rather than "sieve" as login service
    name, which means that all managesieve-specific settings were
    ignored.
  - Managesieve: Storage quota was not always enforced properly for
    scripts uploaded as quoted string. Nobody uses that, but it is
    allowed in the specification and we support it, so it should work
    properly.

-------------------------------------------------------------------
Fri May 15 11:51:41 UTC 2015 - mrueckert@suse.de

- update to 2.2.18
  - director: Login UNIX sockets were normally detected as doveadm or
    director ring sockets, causing it to break in existing
    installations.
  - sdbox: When copying a mail in alt storage, place the destination to
    alt storage as well.
- drop dovecot-2.2-tip.patch and the buildrequires for the autotools

-------------------------------------------------------------------
Thu May 14 21:37:23 UTC 2015 - mrueckert@suse.de

- added dovecot-2.2-tip.patch:
  update to tip of the 2.2 branch to fix the testsuite
- temporary buildrequires on autotools

-------------------------------------------------------------------
Thu May 14 16:22:50 UTC 2015 - mrueckert@suse.de

- enable testsuite also for dovecot

-------------------------------------------------------------------
Thu May 14 04:49:05 UTC 2015 - mrueckert@suse.de

- only use ICU for newer distros as at least SLE 11 lacks ICU I18N

-------------------------------------------------------------------
Thu May 14 03:56:33 UTC 2015 - mrueckert@suse.de

- rework the full text search support a bit
- build with ICU and textcat support (for newer than 12.3)
- split out the fts plugin into a sub package as we pull more
  dependencies now
- for consistency split out the squat plugin into a subpackage too.
- Recommend the squat package from the main package for consistency

-------------------------------------------------------------------
Thu May 14 03:20:18 UTC 2015 - mrueckert@suse.de

- update to 2.2.17
  * Dovecot no longer checks or warns if a mountpoint is removed. This
    was causing more trouble than it was worth. Make sure that all the
    mountpoints that Dovecot accesses aren't writable by mail processes
    when they're unmounted.
  * dict server wasn't properly escaping/unescaping data. Fixing this
    broke backwards compatibility with data that contains line feeds.
    This hopefully affects only very few installations.
    If you're using dict to save multiline data (Sieve scripts to SQL),
    you may be affected.
  * imap: SPECIAL-USE capability is no longer advertised if there are no
    special_use flags specified for any mailboxes.
  + lmtp: Added lmtp_hdr_delivery_address setting to specify whether to
    include email address in Delivered-To: and Received: headers.
  + Added initial version of full text search library, which includes
    language-specific text normalization and filtering. This is still in
    development, but it's already possible to use for testing with
    fts-lucene and fts-solr.
  + lda, lmtp: deliver_log_format can now include %{delivery_time},
    which expands to how many milliseconds it took to deliver the mail.
    With LMTP %{session_time} also expands to how many milliseconds the
    LMTP session took, not including the delivery time.
  + lmtp proxy: Mail delivery logging includes timing information.
  + imap: Most IMAP commands now include in the tagged reply how many
    milliseconds it took to run the command (not counting the time spent
    on waiting for the IMAP client to read/write data).
  + director: Implemented director_proxy_maybe passdb extra field to be
    able to run director and backend in the same Dovecot instance. (LMTP
    doesn't support mixed proxy/non-proxy destinations currently.)
  + doveadm: Added -F <file> parameter to read a list of users from the
    given file and run the command for all the users. This is similar to
    -A parameter reading the list of users from userdb lookup.
  + Implemented initial Cassandra CQL support as lib-sql backend. It's
    only usable as dict backend currently.
  + Added quota-clone plugin to copy current quota usage to a dict.
  - auth: If auth_master_user_separator was set, auth process could be
    crashed by trying to log in with empty master username.
  - imap-login, pop3-login: Fixed crash on handshake failures with new
    OpenSSL versions (v1.0.2) when SSLv3 was disabled.
  - auth: If one passdb fails allow_nets check, it shouldn't have failed
    all the other passdb checks later on.
  - imap: Server METADATA couldn't be accessed
  - imapc: Fixed \Muted label handling in gmail-migration.
  - imapc: Various bugfixes and improvements.
  - Trash plugin fixes by Alexei Gradinari
  - mbox: Fixed crash/corruption in some situations

-------------------------------------------------------------------
Thu Apr 23 23:29:43 UTC 2015 - mrueckert@suse.de

- enable lz4 on 13.2 and newer
- added cyrus-sasl-devel to enable sasl support for ldap

-------------------------------------------------------------------
Thu Apr 23 23:14:08 UTC 2015 - mrueckert@suse.de

- update to 2.2.16
  * dbox: Resyncing (e.g. doveadm force-resync) no longer deletes dovecot.index.cache file. The cache file was rarely the problem so this just caused unnecessary slowness.
  * Mailbox name limits changed during mailbox creation: Each part of a hierarchical name (e.g. "x" or "y" in "x/y") can now be up to 255 chars long (instead of 200). This also reduces the max number of hierarchical levels to 16 (instead of 20) to keep the maximum name length 4096 (a common PATH_MAX limit). The 255 char limit is hopefully large enough for migrations from all existing systems. It's also the limit on many filesystems.
  + director: Added director_consistent_hashing setting to enable consistent hashing (instead of the mostly-random MD5 hashing). This causes fewer user moves between backends when backend counts are changed, which may improve performance (mainly due to caching).
  + director: Added support for "tags", which allows one director ring to serve multiple backend clusters with different sets of users.
  + LMTP server: Added lmtp_user_concurrency_limit setting to limit how many LMTP deliveries can be done concurrently for a single user.
  + LMTP server: Added support for STARTTLS command.
  + If logging data is generated faster than it can be written, log a warning about it and show information about it in log process's process title in ps output.
    Also don't allow a single service to flood too long at the cost of delaying other services' logging.
  + stats: Added support for getting global statistics.
  + stats: Use the same session IDs as the rest of Dovecot.
  + stats: Plugins can now create their own statistics fields
  + doveadm server: Non-mail related commands can now also be used via doveadm server (TCP socket).
  + doveadm proxying: passdb lookup can now override doveadm_port and change the username.
  + doveadm: Search query supports now "oldestonly" parameter to stop immediately on the first non-match. This can be used to optimize:
    doveadm expunge mailbox Trash savedbefore 30d oldestonly
  + doveadm: Added "save" command to directly save mails to specified mailbox (bypassing Sieve).
  + doveadm fetch: Added body.snippet field, which returns the first 100 chars of a message without whitespace or HTML tags. The result is stored into dovecot.index.cache, so it can be fetched efficiently.
  + dsync: Added -t <timestamp> parameter to sync only mails newer than the given received-timestamp.
  + dsync: Added -F [-]<flag> parameter to sync only mails with[out] the given flag/keyword.
  + dsync: Added -a <mailbox> parameter to specify the virtual mailbox containing user's all mails. If this mailbox is already found to contain the wanted mail (by its GUID), the message is copied from there instead of being re-saved. (This isn't efficient enough yet for incremental replication.)
  + dsync: -m parameter can now specify \Special-use names for mailboxes.
  + imapc: Added imapc_features=gmail-migration to help migrations from GMail. See http://wiki2.dovecot.org/Migration/Gmail
  + imapc: Added imapc_features=search to support IMAP SEARCH command. (Currently requires ESEARCH support from remote server.)
  + expire plugin: Added expire_cache=yes setting to cache most of the database lookups in dovecot index files.
  + quota: If overquota-flag in userdb doesn't match the current quota usage, execute a configured script.
  + redis dict: Added support for expiring keys (:expire_secs=n) and specifying the database number (:db=n)
  - auth: Don't crash if master user login is attempted without any configured master=yes passdbs
  - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages.
  - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all.
  - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes.
- update to dovecot-pigeonhole 0.4.7
  * editheader extension: Made protection against addition and deletion of headers configurable separately. Also, the `Received' and `Auto-Submitted' headers are no longer protected against addition by default.
  * Turned message envelope address parse errors into warnings.
  * The interpreter now accepts non-standard domain names, e.g. containing '_'.
  + Implemented the Sieve index extension (RFC 5260).
  + Implemented support for the mboxmetadata and servermetadata extensions (RFC 5490).
  + Implemented new sieve commands for the doveadm command line utility. These commands are currently limited to ManageSieve operations, but the other current sieve tools will be migrated to doveadm in the near future as well.
  + Added more debug output about binary up-to-date checking.
  + Added script metadata to binary dump output.
  - Fixed Sieve script binary up-to-date checking by normalizing the script location.
  - The Sieve interpreter now flushes the duplicate database during start phase of result execution rather than commit phase. This makes sure locks on the duplicate database are released as soon as possible, preventing contention.
  - Performed a few optimizations in the lexical scanner of the language.
  - Fixed bug in `:matches' match-type that made a pattern without wildcards match as if there were a '*' at the beginning.
  - Fixed crash in validation of the string parameter of the comparator tag.
  - extprograms extension: Made sure supplemental group privileges are also dropped. This was a problem reported by Debian lintian.
  - Fixed bug in handling of binary errors for action side-effects and message overrides.
  - file script storage: Restructured storage initialization to address backwards compatibility issues.
  - dict script storage: Fixed small memory allocation bug.
- reordered files section a little

-------------------------------------------------------------------
Mon Dec 15 11:35:33 UTC 2014 - mrueckert@suse.de

- update to dovecot-pigeonhole 0.4.6
  - After make distclean the distributed tarball would fail to recompile. This causes problems for some distribution builds.
- changes in dovecot-pigeonhole 0.4.5
  + Added a Pigeonhole version banner to doveconf output. This way, future bug reports will also include Pigeonhole version information.
  - Fixed handling of implicit keep. Last version erroneously reported that implicit keep succeeded after an earlier failure, while it in fact had failed. Particularly occurred for mailbox quota errors.
  - Fixed segfault occurring on SunOS systems when there is no active script.
- changes in dovecot-pigeonhole 0.4.4
  * Added support for Japanese mail addresses with dots at non-standard places in localpart.
  * Changed handling of ENOSPACE into a normal temporary failure and added handling of ENOQUOTA as a user error.
  * Restructured result execution, so that all actions which involve mail storage are always committed before all others.
  + Implemented support for generic Sieve storages. Using alternative storages now also possible for sieve_before/sieve_after.
  + Implemented storage driver for retrieving Sieve scripts from LDAP. This currently cannot be used with ManageSieve.
  + Implemented sieve_redirect_envelope_from setting, which allows configuring the envelope sender of redirected messages.
  - Fixed handling of mail storage errors occurring while evaluating the input message.
  - managesieve-login:
    - Removed bogus ALERT response code returned for AUTHENTICATE command.
    - Fixed handling of invalid initial response argument to AUTHENTICATE command.
  - Fixed handling of stream errors in lexical scanner.
  - Fixed handling of SMTP errors. Permanent and temporary errors were mixed up.
  - Fixed several problems reported by CLang 3.4.
  - duplicate extension: Fixed erroneous compile error about conflicting tags when `:handle' argument was used last.
  - relational extension: Fixed error handling of `:value' match.
  - editheader extension: Fixed header unfolding and header iteration.
  - mailbox extension: Fixed the `:create' tag, which erroneously subscribed an existing folder.
  - extprograms plugin: Fixed handling of error codes.
  - doveadm-sieve plugin: Fixed several bugs. Synchronization of symbolic link in the file storage should now also work properly.
- drop dovecot-2.2-pigeonhole-0.4.3_adapt_to_2.2.15.patch: included in release
- enable ldap storage for sieve scripts

-------------------------------------------------------------------
Sun Nov 09 03:27:00 UTC 2014 - Led <ledest@gmail.com>

- fix bashisms in pre script

-------------------------------------------------------------------
Sun Oct 26 23:32:45 UTC 2014 - mrueckert@suse.de

- update to version 2.2.15
  * Plugins can now print a banner comment in doveconf output (typically the plugin version)
  * Replication plugin now triggers low (instead of high) priority for mail copying operations.
  * IMAP/POP3/ManageSieve proxy: If destination server can't be connected to, retry connecting once per second up to the value of proxy_timeout. This allows quick restarts/upgrades on the backend server without returning login failures.
  * Internal passdb lookups (e.g.
    done by lmtp/doveadm proxy) weren't returning failure in some situations where it should have (e.g. allow_nets mismatch)
  * LMTP uses mail_log_prefix now for logging mail deliveries instead of a hardcoded prefix. The non-delivery log prefix is still hardcoded though.
  + passdb allow_nets=local matches lookups that don't contain an IP address (internally done by Dovecot services)
  + Various debug logging and error logging improvements
  - Various race condition fixes to LAYOUT=index
  - v2.2.14 virtual plugin crashed in some situations
- added dovecot-2.2-pigeonhole-0.4.3_adapt_to_2.2.15.patch
  Adjusted to datastack-related changes in Dovecot lib-storage. Patch can be removed when we upgrade to pigeonhole 0.4.4

-------------------------------------------------------------------
Wed Oct 15 13:54:53 UTC 2014 - mrueckert@suse.de

- update to version 2.2.14
  * lmtp: Delivered-To: header no longer contains <> around the email address. Other MDAs don't have it either.
  * "Out of disk space" errors are now treated as temporary errors (not the same as "Out of disk quota").
  * replication plugin: Use replication only for users who have a non-empty mail_replica setting.
  + lmtp proxy: Log a line about each mail delivery.
  + Added login_source_ips setting. This can be used to set the source IP address round-robin from a pool of IPs (in case you run out of TCP ports).
  + Rawlog settings can use tcp:<host>:<port> as the path.
  + virtual plugin: Don't keep more than virtual_max_open_mailboxes (default 64) number of backend mailboxes open.
  + SSL/TLS compression can be disabled with ssl_options=no_compression
  + acl: Global ACL file now supports "quotes" around patterns.
  + Added last-login plugin to set user's last-login timestamp on login.
  + LDAP auth: Allow passdb credentials lookup also with auth_bind=yes
  - IMAP: MODSEQ was sent in FETCH reply even if CONDSTORE/QRESYNC wasn't enabled. This broke at least old Outlooks.
  - passdb static treated missing password field the same as an empty password field.
  - mdbox: Fixed potential infinite looping when scanning a broken mdbox file.
  - imap-login, pop3-login: Fixed potential crashes when client disconnected unexpectedly.
  - imap proxy: The connection was hanging in some usage patterns. This mainly affected older Outlooks.
  - lmtp proxy: The proxy sometimes delivered empty mails in error situations or potentially delivered truncated mails.
  - fts-lucene: If whitespace_chars was set, we may have ended up indexing some garbage words, growing the index size unnecessarily.
  - -c and -i parameters for dovecot/doveadm commands were ignored if the config socket was readable.
  - quota: Quota recalculation didn't include INBOX in some setups.
  - Mail headers were sometimes added to dovecot.index.cache in wrong order. The main problem this caused was with dsync+imapc incremental syncing when the second sync thought the local mailbox had changed.
  - Fixed several race conditions with dovecot.index.cache handling that may have caused unnecessary "cache is corrupted" errors.
  - doveadm backup didn't notice if emails were missing from the middle of the destination mailbox. Now it deletes and resyncs the mailbox.
  - auth: If auth client listed userdb and disconnected before finishing, the auth worker process got stuck (and eventually all workers could get used up and requests would start failing).
- update dovecot pigeonhole to 0.4.3
  * Editheader extension: Made control characters allowed for editheader, except NUL. Before, this would cause a runtime error.
  + Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to match the new draft "duplicate" extension.
  - Fixed sieve_result_global_log_error to log only as i_info in administrator log (syslog) if executed from multiscript context.
  - Sieve redirect extension: Adjusted loop detection to show leniency to resent messages.
  - Sieve include extension: Fixed problem with handling of duplicate includes with different parameters :once or :optional.
  - Sieve spamtest/virustest extensions: Tests were erroneously performed against the original message. When used together with extprograms filter to add the spam headers, the changes were not being used by the spamtest and virustest extensions.
  - Deprecated Sieve notify extension: Fixed segfault problems in message string substitution.
  - ManageSieve: Fixed active link verification to handle redundant path slashes correctly.
  - Sieve vacation extension:
    - Fixed interaction of sieve_vacation_dont_check_recipient with sieve_vacation_send_from_recipient setting.
    - Fixed log message for discarded response.
  - Sieve extprograms plugin:
    - Forgot to disable the alarm() timeouts set for script execution.
    - Fixed fd leak and handling of output shutdown.
    - Fixed 'Bad filedescriptor' error occurring when disconnecting script client.
    - Made sure that programs are never forked with root privileges.

-------------------------------------------------------------------
Thu Sep 11 11:40:28 UTC 2014 - mrueckert@suse.de

- also track the config files from the sieve support in the %ghost

-------------------------------------------------------------------
Thu Sep 11 11:09:41 UTC 2014 - mrueckert@suse.de

- for the mysql subpackage use the really provided symbol and not just part of the package name.

-------------------------------------------------------------------
Wed Sep 10 15:45:52 UTC 2014 - mrueckert@suse.de

- fix typo in conflicts: s/otherprovider/otherproviders/

-------------------------------------------------------------------
Wed Sep 10 10:51:45 UTC 2014 - mrueckert@suse.de

- while technically not needed, adding back conflicts on otherprovider(subpackage)

-------------------------------------------------------------------
Tue Sep 9 10:18:05 UTC 2014 - mrueckert@suse.de

- add all dovecot-*.configfiles as sources

-------------------------------------------------------------------
Mon Sep 8 23:42:19 UTC 2014 - mrueckert@suse.de

- don't ghost the whole /etc/dovecot. on older rpms the directory is not created in that case. we only ghost /etc/dovecot/* and have a %dir entry for /etc/dovecot.

-------------------------------------------------------------------
Mon Sep 8 22:24:22 UTC 2014 - mrueckert@suse.de

- don't try to delete systemd files when not building with systemd.

-------------------------------------------------------------------
Mon Sep 8 20:14:32 UTC 2014 - mrueckert@suse.de

- also add dovecot config files for the other 2.x branches

-------------------------------------------------------------------
Mon Sep 8 14:35:56 UTC 2014 - mrueckert@suse.de

- finally found a way to preserve the configuration even over version updates.
  - have the same ghosting loop in this package as in the unversioned package
  - that way the config files are owned by both and upgrading to a newer version of dovecot e.g. 2.3 would also not kill the config anymore as before.

-------------------------------------------------------------------
Fri Sep 5 19:04:10 UTC 2014 - mrueckert@suse.de

- added back the old style conflicts to make upgrading easier
- moved copying of the config to the unversioned package

-------------------------------------------------------------------
Fri Sep 5 18:23:46 UTC 2014 - mrueckert@suse.de

- move the copy part to %postun for handling the upgrading more gracefully.

-------------------------------------------------------------------
Fri Sep 5 17:36:38 UTC 2014 - mrueckert@suse.de

- we really need the %posttrans for reinstalling the same package

-------------------------------------------------------------------
Fri Sep 5 17:03:33 UTC 2014 - mrueckert@suse.de

- no longer obsolete older packages. module packages require their base package with version. the main package has a conflicts on other providers of dovecot-implementation.

-------------------------------------------------------------------
Fri Sep 5 16:15:14 UTC 2014 - mrueckert@suse.de

- guard the new %pre/%post snippets against missing dovecot package

-------------------------------------------------------------------
Fri Sep 5 16:06:18 UTC 2014 - mrueckert@suse.de

- fix https://bugzilla.redhat.com/show_bug.cgi?id=134325: dovecot should be shut down before exchanging files.

-------------------------------------------------------------------
Fri Sep 5 11:02:25 UTC 2014 - mrueckert@suse.de

- remove all the init script related scripts from this package. that way we can break the build cycle more easily.
- copy the example config in post.

-------------------------------------------------------------------
Fri Sep 5 10:45:17 UTC 2014 - mrueckert@suse.de

- split out all the things we can share with other versioned dovecot packages.

-------------------------------------------------------------------
Thu Sep 4 15:45:02 UTC 2014 - mrueckert@suse.de

- no longer obsolete/provide dovecot
- provide dovecot-implementation

-------------------------------------------------------------------
Tue Jul 29 16:00:28 UTC 2014 - mrueckert@suse.de

- use xz-devel to fix build on SLE 11 SP3

-------------------------------------------------------------------
Tue Jul 29 14:28:04 UTC 2014 - mrueckert@suse.de

- only build clucene for sle 11 or newer

-------------------------------------------------------------------
Tue Jul 29 14:21:20 UTC 2014 - mrueckert@suse.de

- don't package /var/run on systemd systems

-------------------------------------------------------------------
Tue Jul 29 14:06:35 UTC 2014 - mrueckert@suse.de

- only lzma support on sle 11 or newer

-------------------------------------------------------------------
Tue Jul 29 13:44:20 UTC 2014 - mrueckert@suse.de

- moved all the conditionals in the spec file to bcond_with
- added new conditional for lz4
- enabled lzma support
- fixed systemd support:
  - added tmpfiles.d config for dovecot
  - only install the old init script on non systemd systems.
  - updated %pre*/%post scriptlets to the previous change
- added dovecot-rpmlintrc to sources list

-------------------------------------------------------------------
Tue Jul 29 11:50:16 UTC 2014 - varkoly@suse.com

- bnc#889030 - Package 'dovecot22' contains 'SuSE' spelling in a filename and/or SPEC file
- Enhance Readme.SUSE with information about using dovecot with postfix on SLE12

-------------------------------------------------------------------
Mon May 12 09:48:45 UTC 2014 - alexandre@exatati.com.br

- Update to 2.2.13:
  - Security release: Fixes CVE-2014-3430 (bnc#877255, rh#1096402).
  * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly.
    This could have left the connections hanging around for a long time. (Affected Dovecot v1.1+)
  + mdbox: Added mdbox_purge_preserve_alt setting to keep the file within alt storage during purge. (Should become enforced in v2.3.0?)
  + fts: Added support for parsing attachments via Apache Tika. Enable with:
    plugin { fts_tika = http://tikahost:9998/tika/ }
  + virtual plugin: Delay opening backend mailboxes until it's necessary. This requires mailbox_list_index=yes to work. (Currently IMAP IDLE command still causes all backend mailboxes to be opened.)
  + mail_never_cache_fields=* means now to disable all caching. This may be a useful optimization as doveadm/dsync parameter for some admin tasks which shouldn't really update the cache file.
  + IMAP: Return SPECIAL-USE flags always for LSUB command.
  - pop3 server was still crashing in v2.2.12 with some settings
  - maildir: Various fixes and improvements to handling compressed mails, especially when they have broken/missing S=sizes in filenames.
  - fts-lucene, fts-solr: Fixed crash on search when the index contained duplicate entries.
  - Many fixes and performance improvements to dsync and replication
  - director was somewhat broken when there were exactly two directors in the ring. It caused errors about "weak users" getting stuck.
  - mail_attachment_dir: Attachments with the last base64-encoded line longer than the rest weren't handled correctly.
  - IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
  - acl: Global ACL file handling was broken when multiple entries matched the mailbox name. (Only the first entry was used.)

-------------------------------------------------------------------
Thu Feb 13 21:53:06 UTC 2014 - alexandre@exatati.com.br

- Update to 2.2.12:
  - POP3 server code changes rarely, so I haven't spent time adding automated testing for it. So of course now that it changed in v2.1.11 there was a bug that caused it to crash most of the time (except for the test case I was using while developing it).
    This release fixes it, no other changes.

-------------------------------------------------------------------
Wed Feb 12 23:17:20 UTC 2014 - varkoly@suse.com

- Add conflicts to the spec file

-------------------------------------------------------------------
Wed Feb 12 21:07:23 UTC 2014 - alexandre@exatati.com.br

- Update to 2.2.11:
  + acl plugin: Added an alternative global ACL file that can contain mailbox patterns. See http://wiki2.dovecot.org/ACL for details.
  + imap proxy: Added proxy_nopipelining passdb setting to work around other IMAP servers' bugs (MS Exchange 2013 especially).
  + Added %{auth_user}, %{auth_username} and %{auth_domain} variables. See http://wiki2.dovecot.org/Variables for details.
  + Added support for LZ4 compression.
  + stats: Track also wall clock time for commands.
  + pop3_migration plugin improvements to try harder to match the UIDLs correctly.
  - imap: SEARCH/SORT PARTIAL responses may have been too large.
  - doveadm backup: Fixed assert-crash when syncing mailbox deletion.

-------------------------------------------------------------------
Fri Dec 20 11:00:39 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.10:
  + auth: passdb/userdb dict rewrite to support much more complex setups. See doc/example-config/dovecot-dict-auth.conf.ext. The old settings will continue to work.
  + auth: Added userdb result_success/failure/tempfail and skip settings, similar to passdb's. See http://wiki2.dovecot.org/UserDatabase
  + imap: Implemented SETQUOTA command for admin user when quota_set is configured. See http://master.wiki2.dovecot.org/Quota/Configuration
  + quota: Support "*" and "?" wildcards in mailbox names in quota_rules
  + mysql: Added ssl_verify_server_cert=no|yes parameter. This currently defaults to "no" to make sure nothing breaks, but likely will become "yes" in Dovecot v2.3.
  + ldap: Added blocking=yes setting to use auth worker processes for ldap lookups. This is a workaround for now to be able to use multiple simultaneous LDAP connections.
  + pop3c+dsync performance improvements
  - quota-status: quota_grace was ignored
  - ldap: Fixed memory leak with auth_bind=yes and without auth_bind_userdn.
  - imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when CONDSTORE/QRESYNC has never before been enabled for the mailbox.
  - imap: Fixes to handling mailboxes without permanent modseqs. (When [NOMODSEQ] is returned by SELECT, mainly with in-memory indexes.)
  - imap: Various fixes to METADATA support.
  - stats plugin: Processes that only temporarily dropped privileges (e.g. indexer-worker) may have been logging errors about not being able to open /proc/self/io.

-------------------------------------------------------------------
Mon Nov 25 02:50:00 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.9:
  + Full text search indexing can now be done automatically after saving/copying mails by setting plugin { fts_autoindex=yes }
  + replicator: Added replication_dsync_parameters setting to pass "doveadm sync" parameters (for controlling what to replicate).
  + Added mail-filter plugin
  + Added liblzma/xz support (zlib_save=xz)
  - v2.2.8's improved cache file handling exposed several old bugs related to fetching mail headers.
  - v2.2.7's iostream handling changes were causing some connections to be disconnected before flushing their output (e.g. POP3 logout message wasn't being sent)

-------------------------------------------------------------------
Wed Nov 20 10:47:01 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.8:
  + Mail cache lookups work for the mail being saved. This improves performance by avoiding the need to parse the mail multiple times when using some plugins (e.g. mail_log).
  + Mail cache works for recently cached data also with in-memory indexes.
  + imapc: Many performance improvements, especially when working with dsync. Also added imapc_feature=fetch-headers which allows using FETCH BODY.PEEK[HEADER.FIELDS (..)] to avoid reading the entire header.
  + mail_location = ..:FULLDIRNAME=dbox-Mails is the same as :DIRNAME=dbox-Mails, but it will also be used for :INDEX and :CONTROL directories. (It should have worked this way from the beginning, but can't be changed anymore without breaking existing installations).
  - Fixed infinite loop in message parsing if message ends with "--boundary" and CR (without LF). Messages saved via SMTP/LMTP can't trigger this, because messages must end with an "LF.". A user could trigger this for him/herself though.
  - lmtp: Client was sometimes disconnected before all the output was sent to it.
  - imap_zlib plugin caused crashes during client disconnection in v2.2.7
  - replicator: Database wasn't being exported to disk every 15 minutes as it should have. Instead it was being imported, causing "doveadm replicator remove" commands to not work very well.

-------------------------------------------------------------------
Tue Nov 5 03:12:46 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.7:
  * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
  + auth: Added ability to truncate values logged by auth_verbose_passwords (see 10-logging.conf comment)
  + mdbox: Added "mdbox_deleted" storage, which can be used to access messages with refcount=0. For example:
    doveadm import mdbox_deleted:~/mdbox "" mailbox inbox subject oops
  + ssl-params: Added ssl_dh_parameters_length setting.
  - master process was doing a hostname.domain lookup for each created process, which may have caused a lot of unnecessary DNS lookups.
  - dsync: Syncing over 100 messages at once caused problems in some situations, causing messages to get new UIDs.
  - fts-solr: Different Solr hosts for different users didn't work.

-------------------------------------------------------------------
Wed Oct 9 15:14:07 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.6:
  * acl: If public/shared namespace has a shared subscriptions file for all users, don't list subscription entries that are not visible to the user accessing it.
  + doveadm: Added "auth lookup" command for doing passdb lookup.
  + login_log_format_elements: Added %{orig_user}, %{orig_username} and %{orig_domain} expanding to the username exactly as sent by the client (before any changes auth process made).
  + Added ssl_prefer_server_ciphers setting.
  + auth_verbose_passwords: Log the password also for unknown users.
  + Linux: Added optional support for SO_REUSEPORT with inet_listener { reuse_port=yes }
  - director: v2.2.5 changes caused "SYNC lost" errors
  - dsync: Many fixes and error handling improvements
  - doveadm -A: Don't waste CPU by doing a separate config lookup for each user
  - Long-running ssl-params process no longer prevents Dovecot restart
  - mbox: Fixed mailbox_list_index=yes to work correctly
- Update Pigeonhole to 0.4.2:
  * Incompatible change in Sieve doveadm plugin: the root attribute for Sieve scripts is changed. Make sure that you update both sides of a dsync setup simultaneously when Sieve is involved, otherwise synchronization will likely fail.
  + Added support for sending Sieve vacation replies with an actual sender, rather than the default <> sender. Check the updated doc/extensions/vacation.txt for more information.
  - Fixed a binary code read problem in the `set' command of the Sieve variables extension. Using the set command with a modifier and an empty string value would cause code corruption problems while running the script.
  - Various fixes for doveadm-sieve plugin, mostly crashes. These include a fix for the `Invalid value for default sieve attribute' problem.
  - Various fixes for compiler and static analyzer warnings, e.g. as reported by CLang and on 32 bit systems.
  - Fixed the implementation of the new :options flag for the Sieve include extension.
  - Fixed potential segfault bug at deinitialization of the lda-sieve plugin.
  - Fixed messed up hex output for sieve-dump tool.

-------------------------------------------------------------------
Wed Aug 14 05:47:21 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.5:
  + SSL: Added support for ECDH/ECDHE cipher suites (by David Hicks)
  + Added some missing man pages (by Pascal Volk)
  + quota-status: Added quota_status_toolarge setting (by Ulrich Zehl)
  - director: Users near expiration could have been redirected to different servers at the same time.
  - pop3: Avoid assert-crash if client disconnects during LIST.
  - mdbox: Corrupted index header still wasn't automatically fixed.
  - dsync: Various fixes to work better with imapc and pop3c storages.
  - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl symbols conflicted with Cyrus SASL library.
  - imap: Various error handling fixes to CATENATE. (Found using Apple's stress test script.)

-------------------------------------------------------------------
Wed Jul 3 21:25:06 UTC 2013 - alexandre@exatati.com.br

- Update Pigeonhole to 0.4.1:
  + Added support for handling temporary failures. These are passed back to LDA/LMTP to produce an appropriate response towards the MTA.
  - Sieve storage: Removed PATH_MAX limitation for active symlink. This caused problems for GNU/Hurd.
  - Fixed line endings in X-Sieve headers added by redirect command.
  - ManageSieve: Fixed '[' ']' stupidity for response codes (only happened before login).
  - Fixed setting name in example-config/conf.d/20-managesieve.conf.
  - Sieve extprograms plugin: Fixed interaction between pipe command and remote script service. The output from the script service was never read, causing a broken pipe error at the script service. Apparently, this was broken since the I/O handling for extprograms was last revised.
  - Fixed assertion failure due to datastack problem in message header composition.

-------------------------------------------------------------------
Tue Jun 25 04:27:13 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.4:
  + doveadm: Added "flags" command to modify message flags.
  + doveadm: Added "deduplicate" command to expunge message duplicates.
  + dsync: Show the state in process title with verbose_proctitle=yes.
  - imap/pop3 proxy: Master user logins were broken in v2.2.3
  - sdbox/mdbox: A corrupted index header with wrong size was never automatically fixed in v2.2.3.
  - mbox: Fixed assert-crashes related to locking.

-------------------------------------------------------------------
Mon Jun 17 02:13:21 UTC 2013 - alexandre@exatati.com.br

- Update to 2.2.3:
  This is a pretty important upgrade for v2.2 users, because of the IMAP ENVELOPE reply fix.
  * LDA/LMTP: If new mail delivery first fails with "temporary failure", tempfail the whole delivery instead of falling back to delivering the mail to INBOX. (Requires new Pigeonhole as well.)
  * doc/solr-schema.xml was updated to Solr v4.x format. Also the default analyzers were changed, hopefully for the better. Note that the schema can't be changed for existing Solr indexes without rebuilding everything.
  * Solr plugin does only soft commits from now on. You'll need a cronjob to send a hard commit command to it every few minutes.
  + Added %N modifier for variables as %H-like "new hash"
  + sdbox, mdbox: Support POP3 message order field (for migrations)
  + Added mailbox { driver } to specify a different mail storage format for the mailbox than generally used within the namespace.
  + Added initial lib-sasl library for client side SASL support. Currently supports only PLAIN, LOGIN and plugins. Used currently by IMAP and POP3 proxying when authenticating to the remote server.
- IMAP: If subject contained only whitespace, Dovecot returned an ENVELOPE reply with a huge literal value, effectively causing the IMAP client to wait for more data forever. - IMAP: Various URLAUTH fixes. - imapc: Various bugfixes and improvements - pop3c: Various fixes to make it work in dsync (without imapc) - dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox renames. ------------------------------------------------------------------- Sat Jun 15 21:11:31 UTC 2013 - wr@rosenauer.org - reenable sieve/pigeonhole extension - conflict with otherproviders(dovecot) instead of explicit package names ------------------------------------------------------------------- Mon May 20 02:45:13 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.2: + zlib: Keep the last mail cached uncompressed in a temp file. This fixes performance when doing small partial fetches from a large mail. + acl: If plugin { acl_defaults_from_inbox = yes } is set, get the default ACLs for private and shared namespaces from the user's INBOX. (This probably will become default in v2.3.) + pop3: Added pop3_deleted_flag setting to switch POP3 deletions to only hide the messages from POP3, but still be visible via IMAP. - ACL plugin: Mailbox creation wasn't actually checking any ACLs and always succeeded (due to some v2.2 API changes). The created mailbox couldn't have been accessed though, so this couldn't have caused any data leak. - IMAP: Various URLAUTH fixes. - IMAP: Fixed a hang with invalid APPEND parameters. - IMAP LIST-EXTENDED: INBOX was never listed with \Subscribed flag. - mailbox_list_index=yes still caused crashes. - maildir: Fixed a crash after dovecot-keywords file was re-read. - maildir: If files had reappeared unexpectedly to a Maildir, they were ignored until index files were deleted. - Maildir: Fixed handling over 26 keywords in a mailbox. - Maildir++: Fixed mail_shared_explicit_inbox=no - namespace { prefix="" list=no } was listing mailboxes. 
- imap/pop3-login proxying: Fixed a crash if TCP connection succeeded, but the remote login timed out. - Case-insensitive search/sort didn't work correctly for all unicode characters, as specified by i;unicode-casemap comparator. If full text search indexes were used, they need to be rebuilt for old mails to be handled correctly. (This bug has existed always in Dovecot.) ------------------------------------------------------------------- Thu May 9 17:25:00 UTC 2013 - alexandre@exatati.com.br - Update Pigeonhole to 0.4.0: + Added doveadm-sieve plugin that provides the possibility to sync Sieve scripts using doveadm sync along with the user's mailboxes. + Added the Sieve extprograms plugin to the main Pigeonhole package. It is still a plugin, but it is now included so that a separate compile is no longer necessary and distributors are likely to include it. The extprograms plugin provides Sieve language extensions that allows executing (administrator-controlled) external programs for message delivery, message filtering and string manipulation. Refer to doc/plugins/sieve_extprograms.txt for more information. + Added debug message showing Pigeonhole version at initialization. Makes it very clear that the plugin is properly loaded. + Finished implementation of the Sieve include extension. It should now fully conform to RFC 6609. The main addition is the new :optional tag which makes the include command ignore missing included scripts without an error. + Finished implementation of the Sieve environment extension as much as possible. Environment items "location", "phase" and "domain" now also return a usable value. ------------------------------------------------------------------- Thu Apr 18 21:49:06 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.1: - mailbox_list_index=yes was broken. - LAYOUT=index didn't list subscriptions. - auth: Multiple master passdbs didn't work. - Message parsing (e.g. 
during search) crashed when multipart message didn't actually contain any parts. ------------------------------------------------------------------- Fri Apr 12 17:40:59 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.0: * When creating home directories, the permissions are copied from the parent directory if it has setgid-bit set. For full details, see http://wiki2.dovecot.org/SharedMailboxes/Permissions * "doveadm auth" command was renamed to "doveadm auth test" * IMAP: ID command now advertises server name as Dovecot by default. It was already trivial to guess this from command replies. * dovecot.index.cache files can be safely accessed only by v2.1.11+. Older versions may think they're corrupted and delete them. * LDA/LMTP: If saving a mail brings user from under quota to over quota, allow it based on quota_grace setting (default: 10% above quota limit). * pop3_lock_session=yes now uses a POP3-only dovecot-pop3-session.lock file instead of actually locking the mailbox (and causing IMAP/LDA/LMTP to wait for the POP3 session to close). * mail_shared_explicit_inbox setting's default switched to "no". * ssl_client_ca_dir setting replaced imapc_ssl_ca_dir and pop3c_ssl_ca_dir settings. + Implemented IMAP MOVE and BINARY extensions + Implemented IMAP CATENATE, URLAUTH and URLAUTH=BINARY extensions (by Stephan Bosch). + Implemented IMAP NOTIFY extension. Requires mailbox_list_index=yes to be enabled. + Redesigned and rewritten dsync. The new design makes the syncing faster, more reliable and more featureful. The new dsync protocol isn't backwards compatible with old dsync versions (but is designed to be forwards compatible with future versions). + All mailbox formats now support per-user message flags for shared mailboxes by using a private index. It can be enabled by adding :INDEXPVT=<path> to mail location. This should be used instead of :INDEX also for Maildir/mbox to improve performance. + Improved mailbox list indexes. 
They should be usable now, although still disabled by default. + Added LAYOUT=index. The mailbox directories are created using their GUIDs in the filesystem, while the actual GUID <-> name mapping exists only in the index. + LMTP proxy: Implemented XCLIENT extension for passing remote IP address through proxy. ------------------------------------------------------------------- Thu Apr 11 16:18:42 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.rc7: * checkpasword: AUTH_PASSWORD environment is no longer set. * Running dsync no longer triggers quota warnings. + dsync: Commit large transactions every 100 new messages, so if a large sync crashes it doesn't have to be restarted from the beginning. - replicator: doveadm commands and user list export may have skipped some users. - Various fixes to mailbox_list_index=yes ------------------------------------------------------------------- Sun Apr 7 23:57:16 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.rc6: * replicator: Don't create replicator-doveadm socket by default. This way doveadm replicator commands don't accidentally start an unconfigured replicator server. + replicator: Have remote dsync notify the remote replicator that a user was just synced. This way the replicators are kept roughly in sync. + Added ssl_client_ca_file to specify the CA certs as a file. This is needed (instead of ssl_client_ca_dir) in RedHat-based systems. + Added "doveadm fs" commands, mainly to debug lib-fs backends. - Mailbox list indexes weren't using proper file permissions based on the root directory. ------------------------------------------------------------------- Fri Apr 5 18:11:38 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.rc5: One more API change that required also a Pigeonhole modification. A few other random fixes. I'm planning on making v2.2.0 release on Monday. Please test before that. 
:) ------------------------------------------------------------------- Fri Apr 5 03:10:28 UTC 2013 - alexandre@exatati.com.br - Update to rc4: A lot of small random fixes. Some last minute major cleanups/fixes to lib-http and lib-ssl-iostream error handling, which makes them much easier to debug if something goes wrong (so e.g. if https site has invalid certificate, the caller gets error message saying that, including the part of the cert that couldn't be validated). I don't have anything important left in my v2.2 TODO. It passes all my tests. So I'm hoping for v2.2.0 release any day now. + Added "doveadm replicator" commands - Larger changes to lib-http and lib-ssl-iostream error handling. The API caller can now get the exact error message as a string. - Various bugfixes to LDAP changes in rc3 ------------------------------------------------------------------- Thu Mar 21 02:19:42 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.rc3: + dsync: Support syncing ACLs (and Sieve scripts with Pigeonhole) + ldap: Support subqueries and value pointers, see http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb + postmaster_address setting: Expand %d to recipient's domain - Fixed a crash when decoding quoted-printable content. - dsync: Various bugfixes ------------------------------------------------------------------- Tue Feb 26 01:19:15 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.rc2: - A few fixes since beta2. Also added tcp and tcps (=tcp+ssl) targets for dsync, where the destination needs to be a doveadm-server listener. ------------------------------------------------------------------- Fri Feb 22 17:02:02 UTC 2013 - alexandre@exatati.com.br - Update to 2.2.beta2: - A ton of fixes since beta1. Especially the new dsync and the replication server related to that should really work now. It also works correctly now for shared mailboxes with private \Seen flags. 
And the replication server uses incremental syncing after the initial full sync, so it should be pretty efficient also. ------------------------------------------------------------------- Wed Jan 9 10:52:25 UTC 2013 - alexandre@exatati.com.br - Start packaging dovecot22 series using dovecot21 (at 2.1.13) spec file as base; - Start dovecot22 with dovecot-2.2.beta1.