| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Since v1.1.0 release is getting near, this could well be the last v1.0
release. I'll still fix important bugs, but if the bugfix is large or
affects only few people it'll probably get fixed only in v1.1 releases.
* mbox: Enable mail_privileged_group while creating INBOX.
- IMAP: Fixed a rare crash in FETCH BODY/BODYSTRUCTURE
- IMAP: If mailbox is selected with EXAMINE, ignore flag changes
- proxy: Login success reply was sent in two IP packets, which
confused some IMAP/POP3 clients
- ACL plugin leaked memory a bit
- dovecot-auth: allow_nets setting with network masks didn't work
correctly with big endian machines.
|
|
Note that the changes for the security hole fix were quite large. I tested with
several auth configurations myself and they seemed to work, but it's possible I
left a bug somewhere in there breaking someone's configuration. So make sure to
test that it works after upgrading.
Of course it would be really nice if Dovecot had a proper test suite where
testing all configurations could be automated and run before each release. I've
already started this with my imaptest tool (http://imapwiki.org/ImapTest), but
it only does IMAP tests and a lot of things are still missing. Some help would
be nice here.
* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
and shadow if blocking=yes) where user could specify extra fields
in the password. The main problem here is when specifying
"skip_password_check" introduced in v1.0.11 for fixing master user
logins, allowing the user to log in as anyone without a valid
password.
- mail_privileged_group was broken in some systems (OS X, Solaris?)
- IMAP THREAD: Fixed some correctness problems
|
|
- Using mail_privileged_group with dotlock_use_excl=no worked, but it
logged "access denied" errors.
|
|
* mail_extra_groups setting was commonly used insecurely. This setting
is now deprecated. Most users should switch to using
mail_privileged_group setting, but if you really need the old
functionality use mail_access_groups instead.
- mbox: Dropped some of the physical size fetch optimizations added
in v1.0.8. This makes some commands slower, but should fix the rest
of the problems.
- IMAP: SEARCH BEFORE/ON/SINCE didn't handle timezones correctly.
- ldap: auth_bind was doing lookups using subtree scope instead of
the scope specified in config file.
- zlib plugin crashfixes by Richard Platel
- master passdbs: pass=yes setting was broken with blocking passdbs
(e.g. MySQL)
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
|
|
v1.0.8 and v1.0.9 were a bit bad releases. Hopefully one day I've managed to
have written a proper test suite which can be run before doing any releases..
* Security hole with LDAP+auth cache: If base setting contained
%variables they weren't included in auth cache key, which broke
caching. This could have caused different users with same passwords
to log in as each other. [pkgsrc: this was fixed in dovecot-1.0.9nb1]
- LDAP: Fixed potential infinite looping when connection to LDAP
server was lost and there were queued requests.
- mbox: More changes to fix problems caused by v1.0.8 and v1.0.9.
- Maildir: Fixed a UIDLIST_IS_LOCKED() assert-crash in some conditions
(caused by changes in v1.0.9)
- If protocols=none, don't require imap executables to exist
|
|
search base, see http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
|
|
+ Maildir: Don't wait on dovecot-uidlist.lock when we just want to
find out a new filename for the message.
- mbox: v1.0.8 changes sometimes caused FETCH to fail with
"got too little data", disconnecting the client.
- Fixed a memory leak when FETCHing message header/body multiple
times within a command (e.g. BODY[1] BODY[2])
- IMAP: Partial body fetching was still slow with mboxes
|
|
+ Authentication: Added "password_noscheme" field that can be used
instead of "password". "password" treats "{prefix}" as a password
scheme while "password_noscheme" treats it as part of the password
itself. So "password_noscheme" should be used if you're storing
passwords as plaintext. Non-plaintext passwords never begin
with "{", so this isn't a problem with them.
- IMAP: Partial body fetching was sometimes non-optimal, causing
the entire message to be read for every FETCH command.
- deliver failed to save the message when envelope sender address
contained spaces.
- Maildir++ quota: We could have randomly recalculated quota when
it wasn't necessary.
- Login process could have crashed after logging in if client sent
data before "OK Logged in" reply was sent (i.e. before master had
replied that login succeeded).
- Don't assert-crash when reading dovecot.index.logs generated by
Dovecot v1.1.
- Authentication: Don't assert-crash if password beings with "{" but
doesn't contain "}".
- Authentication cache didn't work when using settings that changed
the username (e.g. auth_username_format).
|
|
|
|
Almost missed this one. I had already fixed it in v1.1 tree, but forgot
to fix in v1.0 tree.
- deliver: v1.0.6's "From " line ignoring could have written to a
bad location in stack, possibly causing problems.
|
|
* IDLE: Interval between mailbox change notifies is now 1 second,
because some clients keep a long-running IDLE connection and use
other connections to actually read the mails.
* SORT: If Date: header is missing or broken, fallback to using
INTERNALDATE (as the SORT draft nowadays specifies).
+ deliver: If message begins with a "From " line, ignore it.
+ zlib plugin: If maildir file has a "Z" flag, open it with zlib.
- CREATE: Don't assert-crash if trying to create namespace prefix.
- SEARCH: Fixes to handling NOT operator with sequence ranges.
- LDAP reconnection fixes
- Maildir: Don't break when renaming mailboxes with '*' or '%'
characters and children.
- mbox: Fixed "file size unexpectedly shrinked" error in some
conditions.
- quota+mbox: Don't fail if trying to delete a directory.
- Fixes to running from inetd
|
|
|
|
|
|
- deliver: v1.0.4 broke home directory handling
- maildir: Creating mailboxes didn't use dovecot-shared's group for
cur/new/tmp directories.
|
|
* Assume a MIME message if Content-Type: header exists, even if
Mime-Version: header doesn't.
- IMAP: CREATE ns_prefix/box/ didn't work right when namespace prefix
existed.
- deliver: plugin {} settings were overriding settings from userdb.
- mbox: Expunging the first message might not have worked always
- PostgreSQL: If we can't connect to server, timeout queries after
a while instead of trying forever.
- Solaris: sendfile() support was broken and could have caused
100% CPU usage and the connection hanging.
And one more thing I forgot from NEWS file:
- IMAP: Fixed infinite loop in some situations
|
|
and liblib.a to be able to build the sieve plugin with an installed dovecot
instance. Bump PKGREVISION.
|
|
- deliver: v1.0.2's bounce fix caused message to be always saved to
INBOX even if Sieve script had discard, reject or redirect commands.
- LDAP: auth_bind=yes and empty auth_bind_userdn leaked memory
- ACL plugin: If user was given i (insert) right for a mailbox, but
not all s/t/w (seen, deleted, other flags) rights, COPY and APPEND
commands weren't supposed to allow saving those flags. This is
technically a security fix, but it's unlikely this caused problems
for anyone.
- ACL plugin: i (insert) right didn't work unless user was also given
l (lookup) right.
- Solaris: Fixed filesystem quota for autofs mounts.
|
|
Fixes several bugs. This release also adds compatibility with upcoming
Dovecot v1.1 so it'll be possible to upgrade to v1.1 and back to v1.0.2
without anything breaking.
* dbox isn't built anymore by default. It will be redesigned so it
shouldn't be used.
+ Maildir: Support reading dovecot-uidlist (v3) files created by
Dovecot v1.1.
- Maildir: "UIDVALIDITY changed" errors could happen with newly
created mailboxes
- If "INBOX." namespace was used, LIST returned it with \HasNoChildren
which caused some clients not to show any other mailboxes.
- Maildir++ quota: If multiple processes were updating maildirsize
at the same time, we failed with "Unknown error".
- IMAP: IDLE didn't actually disconnect client after 30 minutes of
inactivity.
- LDAP passdb/userdb was leaking memory
- deliver: %variables in plugin {} weren't expanded
- deliver: Don't bounce the mail if Sieve plugin returns failure
|
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
* deliver: If Return-Path doesn't contain user and domain, don't try
to bounce the mail (this is how it was supposed to work earlier too)
* deliver: %variables in mail setting coming from userdb aren't
expanded anymore (again how it should have worked). The expansion
could have caused problems if paths contained any '%' characters.
+ Print Dovecot version number with dovecot -n and -a
+ deliver: Added -e parameter to write rejection error to stderr and
exit with EX_NOPERM instead of sending the rejection by executing
sendmail.
+ dovecot --log-error logs now a warning, an error and a fatal
- Trying to start Dovecot while it's already running doesn't anymore
wipe out login_dir and break the running Dovecot.
- maildir: Fixed "UID larger than next_uid" errors which happened
sometimes when dovecot-uidlist file didn't exist but index files did
(usually because mailbox didn't have any messages when it was
selected for the first time)
- maildir: We violated maildir spec a bit by not having keyword
characters sorted in the filename.
- maildir: If we don't have write access to cur/ directory, treat the
mailbox as read-only. This fixes some internal error problems with
trying to use read-only maildirs.
- maildir: Deleting a symlinked maildir failed with internal error.
- mbox: pop3_uidl_format=%m wasn't working right
- mbox: If non-filesystem quota was enabled, we could have failed
with "Unexpectedly lost From-line" errors while saving new messages
- mysql auth: %c didn't work. Patch by Andrey Panin
- APPEND / SEARCH: If internaldate was outside valid value for time_t,
we returned BAD error for APPEND and SEARCH never matched. With 64bit
systems this shouldn't have happened. With 32bit systems the valid
range is usually for years 1902..2037.
- COPY: We sent "Hang in there.." too early sometimes and checked it
too often (didn't break anything, but was slower than needed).
- deliver: Postfix's sendmail binary wasn't working with mail_debug=yes
- Don't corrupt ssl-parameters.dat files when running multiple Dovecot
instances.
- Cache compression caused dovecot.index.cache to be completely deleted
with big endian CPUs if 64bit file offsets were used (default)
- Fixed "(index_mail_parse_header): assertion failed" crash
|
|
Suggested by schmonz.
|
|
|
|
been in pkgsrc) except for the version number, so here is the announcement of
1.0rc32:
Pretty late for changes if v1.0 is supposed to come out tomorrow, but I
can't really leave these LDAP bugs unfixed. They shouldn't anyway break
anything, so here's one more day for you people to find out about any
bugs.
One thing that I'm a bit concerned about is the addition of #define
LDAP_DEPRECATED. I know it fixes crashes with OpenLDAP 2.3 + 64bit
systems, but I hope it doesn't break compiling with some old versions or
non-OpenLDAP libraries..
- LDAP, auth_bind=no: Don't crash if doing non-plaintext ldap passdb
lookup for unknown user. This also broke deliver when userdb static
was used.
- LDAP, auth_bind=yes and userdb ldap: We didn't wait until bind was
finished before sending the userdb request, which could have caused
problems.
- LDAP: Don't break when compiling with OpenLDAP v2.3 library
- Convert plugin: Don't create "maildirfolder" file to Maildir root.
|
|
mbox + NFS combination shouldn't break anymore. v1.0 still planned to
be released next friday.
- mbox: Give "mbox file was modified while we were syncing" error only
if we detect some problems in the mbox file. The check can't be
trusted with NFS.
- Convert plugin: If directory for destination storage doesn't exist,
create it.
- Convert plugin: Mailbox names weren't converted in subscription list.
|
|
So, this is it. Unless you can find a new and important bug within a
week, this release is the same as v1.0. I'll only update the version
number and NEWS file.
Changes since rc29:
* PAM: Lowercase the PAM service name when calling with "args = *".
Linux PAM did this internally already, but at least BSD didn't.
If your PAM file used to be in /etc/pam.d/IMAP or POP3 file you'll
need to lowercase it now.
+ Send list of CA names to client when using
ssl_verify_client_cert=yes.
- IMAP: If message body started with line feed, it wasn't counted
in BODY and BODYSTRUCTURE replies' line count field.
- deliver didn't load plugins before chrooting
|
|
Probably one more RC after this.
* Security fix: If zlib plugin was loaded, it was possible to open
gzipped mbox files outside the user's mail directory.
+ Added auth_gssapi_hostname setting.
- IMAP: LIST "" "" didn't return anything if there didn't exist a
namespace with empty prefix. This broke some clients.
- If Dovecot is tried to be started when it's already running, don't
delete existing auth sockets and break the running Dovecot
- If deliver failed too early it still returned exit code 89 instead
of EX_TEMPFAIL.
- deliver: INBOX fallbacking with -n parameter wasn't working.
- passdb passwd and shadow couldn't be used as master or deny databases
- IDLE: inotify didn't notice changes in mbox file
- If index file directory couldn't be created, disable indexes instead
of failing to open the mailbox.
- Several other minor fixes
|
|
Still a bit more fixes. My coding TODO list is again empty. Unless
something special happens in the next few weeks, I'll still make rc29
with the documentation included and v1.0 will be released April 13.
* deliver + userdb static: Verify the user's existence from passdb,
unless allow_all_users=yes
* dovecot --exec-mail: Log to configured log files instead of stderr
* Added "-example" part to doc/dovecot-sql-example.conf and
doc/dovecot-ldap-example.conf. They are now also installed to
$sysconfdir with "make install".
+ When copying/syncing a lot of mails, send "* OK Hang in there"
replies to client every 15 seconds so it doesn't just timeout the
connection.
+ Added idxview and logview utilities to examine Dovecot's index files
+ passdb passwd and shadow support blocking=yes setting now also
+ mbox: If mbox file changes unexpectedly while we're writing to it,
log an error.
+ deliver: Ignore -m "" parameter to make calling it easier.
+ deliver: Added new -n parameter to disable autocreating mailboxes.
It affects both -m parameter and Sieve plugin's fileinto action
- mbox: Using ~/ in the mail root directory caused a ~ directory to be
created (instead of expanding it to home directory)
- auth cache: If unknown user was found from cache, we didn't properly
return "unknown user" status, which could have caused problems in
deliver.
- mbox: Fixed "UID inserted in the middle of mailbox" in some
conditions with broken X-UID headers
- Index view syncing fixes
- rc27 didn't compile with some non-GCC compilers
- vpopmail support didn't compile in rc27
- NFS check with chrooting broke home direcotry for the first login
- deliver: If user lookup returned "unknown user", it logged
"BUG: Unexpected input"
- convert plugin didn't convert INBOX
|
|
A few new small features and lots of index/mbox fixes. I've been heavily
stress testing this release, so I think it should be about perfect. :)
I think the only thing still missing from v1.0 is documentation. There
are some unwritten pages in the wiki, and I still haven't bothered to
write the wiki -> doc/*.txt conversion script. The script will probably
be pretty easy, but writing the docs can take a while.
+ mbox and index file code handles silently out of quota/disk
space errors (maildir still has problems). They will give the user
a "Not enough disk space" error instead of flooding the log file.
+ Added fsync_disable setting.
+ mail-log plugin: Log the mailbox name, except if it's INBOX
+ dovecot-auth: Added a lot more debug logging to passdbs and userdbs
+ dovecot-auth: Added %c variable which expands to "secured" with
SSL/TLS/localhost.
+ dovecot-auth: Added %m variable which expands to auth mechanism name
- maildir++ quota: With ignore=box setting the quota was still updated
for the mailbox even though it was allowed to go over quota (but
quota recalculation ignored the box).
- Index file handling fixes
- mbox syncing fixes
- Wrong endianess index files still weren't silently rebuilt
- IMAP quota plugin: GETQUOTAROOT returned the mailbox name wrong the
namespace had a prefix or if its separator was non-default
- IMAP: If client was appending multiple messages with MULTIAPPEND
and LITERAL+ extensions and one of the appends failed, Dovecot
treated the rest of the mail data as IMAP commands.
- If mail was sent to client with sendfile() call, we could have
hanged the connection. This could happen only if mails were saved
with CR+LF linefeeds.
|
|
Most importantly this should fix mbox problems in recent RCs.
* Changed --with-headers to --enable-header-install
* If time moves backwards only max. 5 seconds, sleep until we're back
in the original present instead of killing ourself. An error is
still logged.
- IMAP: With namespace prefixes LSUB prefix.* listed INBOX.INBOX.
- deliver: Ignore mbox metadata headers from the message input.
X-IMAP header crashed deliver.
- deliver: If mail_debug=yes, drop out DEBUG environment before
calling sendmail binary. Postfix's sendmail didn't really like it.
- mbox: X-UID brokeness fixes broke rc25 even with valid X-UID headers.
Now the code should finally work right.
- Maildir: When syncing a huge maildir, touch dovecot-uidlist.lock file
once in a while to make sure it doesn't get overwritten by another
process.
- Maildir++ quota: We didn't handle NUL bytes in maildirsize files very
well. Now the file is rebuilt when they're seen (NFS problem).
- Index/view handling fix should fix some crashes/errors
- If index files were moved to a different endianess machine, Dovecot
logged all sorts of errors instead of silently rebuilding them.
- Convert plugin didn't change hierarchy separators in mailbox names.
- PostgreSQL authentication could have lost requests once in a while
with a heavily loaded server.
- Login processes could have crashed in some situations
- auth cache crashed with non-plaintext mechanisms
|
|
* If time moves backwards, Dovecot kills itself instead of giving
random problems.
+ Added --with-headers configure option to install .h files.
Binary package builders could use this to create some dovecot-dev
package to make compiling plugins easier.
- PLAIN authentication: Don't crash dovecot-auth with invalid input.
- IMAP APPEND: Don't crash if saving fails
- IMAP LIST: If prefix.INBOX has children and we're listing under
prefix.%, don't drop the prefix.
- mbox: Broken X-UID headers still weren't handled correctly.
- mail-log plugin: Fixed deleted/undeleted logging.
|
|
* Dovecot now fails to load plugins that were compiled for different
Dovecot version, unless version_ignore=yes is set. This needs to be
explicitly set in plugins, so out-of-tree plugins won't have this
check by default.
- pop3_lock_session=yes could cause deadlocks, and with maildir the
uidlist lock could have been overridden after 2 minutes causing
problems
- PAM wasted CPU by calling a timeout function 1000x too often
- Trash plugin was more or less broken with multiple namespaces and
with multiple trash mailboxes
|
|
Patch provided by Sergey Svishchev in private mail.
|
|
Documentation is probably the only important thing left before v1.0.
* deliver doesn't ever exit with Dovecot's internal exit codes anymore.
All its internal exit codes are changed to EX_TEMPFAIL.
* mbox: X-Delivery-ID header is now dropped when saving mails.
* mbox: If pop3_uidl_format=%m, we generate a unique X-Delivery-ID
header when saving mails to make sure the UIDL is unique.
+ PAM: blocking=yes in args uses an alternative way to do PAM checks.
Try it if you're having problems with PAM.
+ userdb passwd: blocking=yes in args makes the userdb lookups be done
in auth worker processes. Set it if you're doing remote NSS lookups
(eg. nss_ldap problems are fixed by this).
+ If PAM child process hasn't responded in two minutes, send KILL
signal to it (only with blocking=no)
- IMAP: APPEND ate all CPU while waiting for more data from the client
(broken in rc22)
- mbox: Broken X-UID headers assert-crashed sometimes
- mbox: When saving a message to an empty mbox file it got an UID
which immediately got incremented.
- mbox: Fixed some wrong "uid-last unexpectedly lost" errors.
- auth cache: In some situations we crashed if passdb had extra_fields.
- auth cache: Special extra_fields weren't saved to auth cache.
For example allow_nets restrictions were ignored for cached entries.
- A lot of initial login processes could cause auth socket errors
in log file at startup, if dovecot-auth started slowly. Now the
login processes are started only after dovecot-auth has finished
initializing itself.
- imap/pop3 proxy: Don't crash if the remote server disconnects before
we're logged in.
- deliver: Don't bother trying to save the mail twice into the default
mailbox (eg. if it's over quota).
- mmap_disable=yes + non-Linux was really slow with large
dovecot.index.cache files
- MySQL couldn't be used as a masterdb
- Trash plugin was more or less broken
- imap/pop3 couldn't load plugins if they chrooted
- imap/pop3-login process could crash in some conditions
- checkpassword-reply crashed if USER/HOME wasn't set
|
|
Found another bad bug in rc19 changes. Wonder why my imaptest catched
the bug only in CVS HEAD but not in branch_1_0 even though both had it.
Anyway, now the imaptest runs nicely for both, and I'm again optimistic
that the bug count is low enough for v1.0 to be released soon :)
+ pop3: Commit the transaction even if client didn't QUIT so cached
data gets saved.
- Fixed another indexing bug in rc19 and later which caused
transactions to be skipped in some situations, causing all kinds of
problems.
- mail_log_max_lines_per_sec was a bit broken and caused crashes with
dovecot -a
- BSD filesystem quota was counted wrong. Patch by Manuel Bouyer
- LIST: If namespace has a prefix and inbox=no, don't list
prefix.inbox if it happens to exist when listing for %.
Our patch-ah has been applied upstream and patch-ak was from dovecot CVS.
|
|
http://dovecot.org/pipermail/dovecot/2007-February/019246.html
Bump PKGREVISION.
|
|
Changes in dovecot-1.0rc20:
+ dovecot: Added --log-error command line option to log an error, so
the error log is easily found.
+ Added mail_log_max_lines_per_sec setting. Change it to avoid log
throttling with mail_log plugin.
- Changing message flags was more or less broken in rc19
- ACL plugin still didn't work without separate control directory
- Some mbox handling fixes, including fixing an infinite loop
- Some index file handling fixes
- maildir quota: Fixed a file descriptor leak
- If auth_cache was enabled and userdb returned "user unknown"
(typically only deliver can do that), dovecot-auth crashed.
- mail_log plugin didn't work with pop3
Changes in dovecot-1.0rc21:
- Cache file handling could have crashed rc20
|
|
utility does). Without this, the ration used/total displayed by clients
is right but the absolute values are wrong.
Submitted to dovecot developers, OK'd by ghen@
bump PKGREVISION
|
|
Just did a few more fixes to index files. Do they help with anyone's problems?
- ACL plugin didn't work unless control dir was separate from maildir
- More index file handling fixes
|
|
I think we're quite near v1.0 now.
* ACL plugin + Maildir: Moved dovecot-acl file from control directory
to maildir. To prevent accidents caused by this change, Dovecot
kills itself if it finds dovecot-acl file from the control directory.
* When opening a maildir, check if tmp/'s atime is over 8h old. If it
is, delete files in it with ctime older than 36h. However if
atime - ctime > 36h, it means that there's nothing to be deleted and
the scanning isn't done. We update atime ourself if filesystem is
mounted with noatime.
* base_dir doesn't need to be group-readable, don't force it.
* mail_read_mmaped setting is deprecated and possibly broken. It's now
removed from dovecot-example.conf, but it still works for now.
* Removed also umask setting from dovecot-example.conf since currently
it doesn't do what it's supposed to.
+ Authentication cache caches now also userdb data.
+ Added mail_log plugin to log various mail operations. Currently it
logs mail copies, deletions, expunges and mailbox deletions.
- dict quota: messages=n parameter actually changed storage limit.
- A lot of fixes to handling index files. This should fix almost all
of the problems ever reported.
- LDAP: auth_bind=yes was more or less broken.
- Saved mails and dovecot-keywords file didn't set the group from
dovecot-shared file.
- Fixed potential assert-crash while searching messages
- Fixed some crashes with invalid X-UID headers in mboxes
- If you didn't have a namespace with empty prefix, giving STATUS
command for a non-existing namespace caused the connection to give
"NO Unknown namespace" errors for all the future commands.
|
|
- MySQL authentication caused username to show up as "OK" in rc16.
|
|
If you've had problems with getting errors about index files
sometimes being corrupted, please try if this release fixes it. If
you've reported any bugs that this release hasn't fixed, please
report them again so I know they still didn't get fixed and that I
didn't forget them.
* IMAP: When trying to fetch an already expunged message, Dovecot used
to just disconnect client. Now it instead replies with dummy NIL
data.
* Priority numbers in plugin names have changed. If you're installing
from source, you should delete the existing plugin files before
installing the new ones, otherwise you'll get errors.
* Maildir: We're using rename() to move files from tmp/ to new/ now.
See http://wiki.dovecot.org/MailboxFormat/Maildir -> "Issues with
the specification" for reasoning why this is safe. This makes saving
mails faster, and also makes Dovecot usable with Mac OS X's HFS+
(after you also set dotlock_use_excl=yes, see below).
+ Added dotlock_use_excl setting. If enabled, dotlocks are created
directly using O_EXCL flag, instead of by creating a temporary file
which is hardlinked. O_EXCL is faster, but may not work with NFS.
+ If Dovecot crashes with Linux or Solaris, it'll log a
"Raw backtrace". It's worse than gdb's backtrace, but better than
nothing.
+ Added maildir_copy_preserve_filename=yes setting.
+ Added a lazy-expunge plugin to allow users to unexpunge their mails.
+ maildir quota: Added ignore setting to maildir quota, which allows
ignoring quota in Trash mailbox.
+ dict quota: If dictionary doesn't yet contain the quota, calculate
it by going through all the mails in all the mailboxes.
+ login_log_format_elements: Added %a=local port and %b=remote port
+ Added -i and -o options to rawlog to restrict logging only to
input or output.
- Doing a STATUS command for a selected mailbox (not a recommended
IMAP client behavior) caused Dovecot to sync the mailbox silently.
This could have lost eg. EXPUNGE events from clients, causing them
to use wrong sequence numbers.
- deliver was treating boolean settings set to "no" as if they were
"yes" (they were supposed to be commented out for "no")
- Running "dovecot" with -a or -n option while Dovecot was running
deleted all authentication sockets, which caused all the future
logins to fail.
- maildir: RENAME and DELETE didn't touch control directory if it was
different from maildir or index dir.
- We treated internal userdb lookup errors as "user unknown" errors.
In such situations this caused deliver to think the user didn't
exist and the mail get bounced.
- pam: Setting cache_key crashed
- shared maildir: dovecot-keywords file's mode wasn't taken from
dovecot-shared file.
- dovecotpw wasn't working with PowerPC
|
|
|
|
* Fixed an off-by-one buffer overflow in cache file handling. The
code is executed only with mmap_disable=yes and only if index files
are used (ie. INDEX=MEMORY is safe).
* passdb checkpassword: Handle vpopmail's non-standard exit codes.
- rc14 sometimes assert-crashed if .log.2 file existed in a mailbox
(earlier versions leaked memory and file descriptors)
- io_add() assert-crashfixes
- Potential SSL hang fix at the beginning of the connection
For details on the security issue, see:
http://www.dovecot.org/list/dovecot-news/2006-November/000023.html
|
|
More fixes.
"Duplicate header extension keywords" is the only known problem (or if I
forgot something, remind me). I'll try to figure out a way to reproduce
it easily and then get it fixed.
* LDAP: Don't try to use ldap_bind() with empty passwords, since
Windows 2003 AD skips password checking with them and just returns
success.
* verbose_ssl=yes: Don't bother logging "syscall failed: EOF"
messages. No-one cares about them.
+ Dovecot sources should now compile without any warnings with gcc 3.2+
- rc13 crashed if client disconnected while IDLEing
- LDAP: auth_bind=yes fixes
- %variables: Fixed zero padding handling and documented it. %0.1n
shouldn't enable it, and it really shouldn't stay for the next
%variable. -sign also shouldn't stay for the next variable.
- Don't leak opened .log.2 transaction logs.
- Fixed a potential hang in IDLE command (probably really rare).
- Fixed potential problems with client disconnecting while master was
handling the login.
- quota plugin didn't work in Mac OS X
|
|
I'll just keep on making new releases now whenever something important
is fixed. Hopefully there shouldn't be many left anymore.
Most of the bugs fixed in this release were found by stress testing with
my imaptest tool (http://dovecot.org/tools/imaptest.c). If you're
interested in knowing how perfectly your Dovecot setup works (especially
if you're using NFS), you could try the tool yourself also.
I still see one crash with mmap_disable=yes, but it's pretty rare. Will
see if I get it fixed before v1.0, but it's not that important.
+ deliver: If we're executing as a normal system user, get the HOME
environment from passwd if it's not set. This makes it possible to
run deliver from .forward.
- Older compilers caused LDAP authentication to crash
- Dying LDAP connections weren't handled exactly correctly in rc11,
although it seemed to work usually
- Fixed crashes and memory leaks with AUTHENTICATE command
- Fixed crashes and leaks with IMAP/POP3 proxying
- maildir: Changing a mailbox while another process was saving a
message there at the same may have caused the changes to not be made
into the maildir, which could have caused other problems later..
|
|
From the release announcement mail:
Since rc11 has problems compiling with BSDs, here's a new release. Just
two changes:
- rc11 didn't compile with some compilers
- default_mail_env fallbacking was broken with --exec-mail
|
|
Hopefully the last RC release? As far as I know there are no major
problems left now. If nothing big shows up, v1.0 should be out in a
couple of weeks.
* Renamed default_mail_env to mail_location. default_mail_env still
works for backwards compatibility.
* deliver: When sending rejects, don't include Content-Type in the
rejected mail's headers.
* LDAP changes:
* If auth binds are used, bind back to the default dn before doing
a search. Otherwise it could fail if a user gave an invalid
password.
* Initial binding at connect is now done asynchronously.
* Use pass_attrs even with auth_bind=yes since it may contain
useful non-password fields.
+ passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP
environments to the checkpassword binary so we're UCSPI (and vchkpw)
compatible.
- mbox handling was a bit broken in rc10
- Using Dovecot via inetd kept crashing dovecot master
- deliver: Don't crash with -f "". Changed the default from envelope
to be "MAILER-DAEMON".
- INBOX wasn't shown with LSUB command if only prefixed namespaces
were used.
- passdb ldap: Reconnecting to LDAP server wasn't working with
auth binds.
- passdb sql: Non-plaintext authentication didn't work
- MySQL passdb ignored all non-password checks, such as allow_nets
- trash plugin was broken
|
|
I've finally read all the mails in the mailing list and in my INBOX. If
I haven't replied to some of your mail, please resend it.
Remember that since 1.0.rc9 release dovecot.index.cache files will get
rebuilt in 64bit systems, and it's probably better to delete them
manually so you don't get errors in log files.
There are only a couple of issues left in my v1.0-TODO list:
- Master process appears to be leaking log fds with kqueue. Could
someone again give me access to a system where this happens?
- Login process problems. How well does it work now? Hopefully well
enough that v1.0 could be released.
- LDAP authentication is leaking memory? Can anyone confirm this? Even
better, can someone figure out what exactly is leaking? :) Not a v1.0
blocker though.
I think v1.0 will be released once no-one has reported any major
problems for a Dovecot release in 2-4 weeks. I think login process
handling is the only potentially major problem left.
There are a few patches from people that I haven't forgotten, but I've
decided not to put them into v1.0 anymore:
- Filesystem quota group. I don't think it's that important feature,
and it might break something.
- HFS+ hardlink avoiding
- Managesieve
- vmailmgr support
And finally the changes in this release:
* When matching allowed_nets IPs, convert IPv6-mapped-IPv4 addresses
to actual IPv4 addresses first.
+ IMAP: Try to avoid sending duplicate/useless message flag updates
+ Added support for non-plaintext authentication for vpopmail if it
returns plaintext passwords. Based on patch by Remi Gacogne.
+ Added %D modified to return "sub.domain.org" as
"sub,dc=domain,dc=org" (for LDAP queries). Patch by Andrey Panin.
- rc9 broke cache files in 64bit systems
- deliver works now with mail_chroot
- auth cache didn't work properly with multiple passdbs
- Fixes to handling CRLF linefeeds in mboxes.
|
