./mail/dovecot2, Secure IMAP and POP3 server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.2.30.2, Package name: dovecot-2.2.30.2, Maintainer: adam

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems,
written with security primarily in mind. Dovecot is an excellent choice for both
small and large installations. It's fast, simple to set up, requires no special
administration and it uses very little memory.


Required to run:
[archivers/lz4]

Required to build:
[pkgtools/cwrappers]

Package options: kqueue, pam, ssl, tcpwrappers

Master sites:

SHA1: 89396675545d6ee8d85fcb11be8446ff8f51211d
RMD160: aa106ba9ec122b54e09621112301403ae8578c0e
Filesize: 5867.318 KB

Version history: (Expand)


CVS history: (Expand)


   2017-06-07 11:12:41 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Hopefully the last 2.2.30.x..
- auth: Multiple failed authentications within short time caused
  crashes
- push-notification: OX driver crashed at deinit
   2017-06-01 08:37:08 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 2.2.30.1:
- quota_warning scripts weren't working in v2.2.30
- vpopmail still wasn't compiling
   2017-05-31 13:04:37 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Changes 2.2.30:
* auth: Use timing safe comparisons for everything related to
  passwords. It's unlikely that these could have been used for
  practical attacks, especially because Dovecot delays and flushes all
  failed authentications in 2 second intervals. Also it could have
  worked only when passwords were stored in plaintext in the passdb.
* master process sends SIGQUIT to all running children at shutdown,
  which instructs them to close all the socket listeners immediately.
  This way restarting Dovecot should no longer fail due to some
  processes keeping the listeners open for a long time.

+ auth: Add passdb { mechanisms=none } to match separate passdb lookup
+ auth: Add passdb { username_filter } to use passdb only if user
  matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
+ dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
  the transaction after saving this many new messages. Because of the
  way dsync works, it may not always be possible if mails are copied
  or UIDs need to change.
+ imapc: Support imapc_features=search without ESEARCH extension.
+ imapc: Add imapc_features=fetch-bodystructure to pass through remote
  server's FETCH BODY and BODYSTRUCTURE.
+ imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
  remote server.
+ passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
+ If dovecot.index.cache corruption is detected, reset only the one
  corrupted mail instead of the whole file.
+ doveadm mailbox status: Add "firstsaved" field.
+ director_flush_socket: Add old host's up/down and vhost count as parameters
- More fixes to automatically fix corruption in dovecot.list.index
- dsync-server: Fix support for dsync_features=empty-header-workaround
- imapc: Various bugfixes, including infinite loops on some errors
- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
  enabled modseq tracking via CONDSTORE/QRESYNC.
- fts-lucene: Fix it to work again with mbox format
- Some internal error messages may have contained garbage in v2.2.29
- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
  are used. Otherwise the copied mails can't be opened.
- vpopmail: Fix compiling
   2017-05-15 14:31:10 by Jonathan Perkin | Files touched by this commit (2)
Log message:
Move including options.mk to Makefile.common, the plugins do a full build
so need to build it the same way as the main package.  Fixes SSL build.
   2017-04-19 11:05:16 by Jonathan Perkin | Files touched by this commit (1)
Log message:
Explicitly disable epoll/inotify on illumos, based on patch in PR#52176.
   2017-04-13 03:59:08 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update dovecot2 to 2.2.29.1.  This release contains security fixes.

v2.2.29.1 2017-04-12  Timo Sirainen <tss@iki.fi>

	- imapc reconnection fix was forgotten from 2.2.29 release, which also
	  made "make check" fail in a unit test
	- dict-sql: Merging multiple UPDATEs to a single statement wasn't
	  actually working.
	- Fixed building with vpopmail

v2.2.29 2017-04-10  Timo Sirainen <tss@iki.fi>

	* passdb/userdb dict: Don't double-expand %variables in keys. If dict
	  was used as the authentication passdb, using specially crafted
	  %variables in the username could be used to cause DoS (CVE-2017-2669)
	* When Dovecot encounters an internal error, it logs the real error and
	  usually logs another line saying what function failed. Previously the
	  second log line's error message was a rather uninformative "Internal
	  error occurred. Refer to server log for more information." Now the
	  real error message is duplicated in this second log line.
	* lmtp: If a delivery has multiple recipients, run autoexpunging only
	  for the last recipient. This avoids a problem where a long
	  autoexpunge run causes LMTP client to timeout between the DATA
	  replies, resulting in duplicate mail deliveries.
	* config: Don't stop the process due to idling. Otherwise the
	  configuration is reloaded when the process restarts.
	* mail_log plugin: Differentiate autoexpunges from regular expunges
	* imapc: Use LOGOUT to cleanly disconnect from server.
	* lib-http: Internal status codes (>9000) are no longer visible in logs
	* director: Log vhost count changes and HOST-UP/DOWN

	+ quota: Add plugin { quota_max_mail_size } setting to limit the
	  maximum individual mail size that can be saved.
	+ imapc: Add imapc_features=delay-login. If set, connecting to the
	  remote IMAP server isn't done until it's necessary.
	+ imapc: Add imapc_connection_retry_count and
	  imapc_connection_retry_interval settings.
	+ imap, pop3, indexer-worker: Add (deinit) to process title before
	  autoexpunging runs.
	+ Added %{encrypt} and %{decrypt} variables
	+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
	+ imap/pop3-login: All forward_* extra fields returned by passdb are
	  sent to the next hop when proxying using ID/XCLIENT commands. On the
	  receiving side these fields are imported and sent to auth process
	  where they're accessible via %{passdb:forward_*}. This is done only
	  if the sending IP address matches login_trusted_networks.
	+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
	  auth process. %{client_id} expands to it in auth process. The ID
	  string is also sent to the next hop when proxying.
	+ passdb imap: Use ssl_client_ca_* settings for CA validation.
	- fts-tika: Fixed crash when parsing attachment without
	  Content-Disposition header. Broken by 2.2.28.
	- trash plugin was broken in 2.2.28
	- auth: When passdb/userdb lookups were done via auth-workers, too much
	  data was added to auth cache. This could have resulted in wrong
	  replies when using multiple passdbs/userdbs.
	- auth: passdb { skip & mechanisms } were ignored for the first passdb
	- oauth2: Various fixes, including fixes to crashes
	- dsync: Large Sieve scripts (or other large metadata) weren't always
	  synced.
	- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
	- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
	- doveadm: Exit codes weren't preserved when proxying commands via
	  doveadm-server. Almost all errors used exit code 75 (tempfail).
	- ACLs weren't applied to not-yet-existing autocreated mailboxes.
	- Fixed a potential crash when parsing a broken message header.
	- cassandra: Fallback consistency settings weren't working correctly.
	- doveadm director status <user>: "Initial config" was always empty
	- imapc: Various reconnection fixes.
   2017-03-18 08:14:47 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
Changes 2.2.28:
* director: "doveadm director move" to same host now refreshes user's
  timeout. This allows keeping user constantly in the same backend by
  just periodically moving the user there.
* When new mailbox is created, use initially INBOX's
  dovecot.index.cache caching decisions.
* Expunging mails writes GUID to dovecot.index.log now only if the
  GUID is quickly available from index/cache.
* pop3c: Increase timeout for PASS command to 5 minutes.
* Mail access errors are no longer ignored when searching or sorting.
  With IMAP the untagged SEARCH/SORT reply is still sent the same as
  before, but NO reply is returned instead of OK.

+ Make dovecot.list.index's filename configurable. This is needed when
  there are multiple namespaces pointing to the same mail root
  (e.g. lazy_expunge namespace for mdbox).
+ Add size.virtual to dovecot.index when folder vsizes are accessed
  (e.g. quota=count). This is mainly a workaround to avoid slow quota
  recalculation performance when message sizes get lost from
  dovecot.index.cache due to corruption or some other reason.
+ auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them
  in lib-dsasl for client side.
+ auth: Support filtering by SASL mechanism: passdb { mechanisms }
+ Shrink the mail processes' memory usage by not storing settings
  duplicated unnecessarily many times.
+ imap: Add imap_fetch_failure setting to control what happens when
  FETCH fails for some mails (see example-config).
+ imap: Include info about last command in disconnection log line.
+ imap: Created new SEARCH=X-MIMEPART extension. It's currently not
  advertised by default, since it's not fully implemented.
+ fts-solr: Add support for basic authentication.
+ Cassandra: Support automatically retrying failed queries if
  execution_retry_interval and execution_retry_times are set.
+ doveadm: Added "mailbox path" command.
+ mail_log plugin: If plugin { mail_log_cached_only=yes }, log the
  wanted fields only if it doesn't require opening the email.
+ mail_vsize_bg_after_count setting added (see example-config).
+ mail_sort_max_read_count setting added (see example-config).
+ pop3c: Added pop3c_features=no-pipelining setting to prevent using
  PIPELINING extension even though it's advertised.

- Index files: day_first_uid wasn't updated correctly since v2.2.26.
  This caused dovecot.index.cache to be non-optimal.
- imap: SEARCH/SORT may have assert-crashed in
  client_check_command_hangs
- imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes.
- imap: Running time in tagged command reply was often wrongly 0.
- search: Using NOT n:* or NOT UID n:* wasn't handled correctly
- director: doveadm director kick was broken
- director: Fix crash when using director_flush_socket
- director: Fix some bugs when moving users between backends
- imapc: Various error handling fixes and improvements
- master: doveadm process status output had a lot of duplicates.
- autoexpunge: If mailbox's rename timestamp is newer than mail's
  save-timestamp, use it instead. This is useful when autoexpunging
  e.g. Trash/* and an entire mailbox is deleted by renaming it under
  Trash to prevent it from being autoexpunged too early.
- autoexpunge: Multiple processes may have been trying to expunge the
  same mails simultaneously. This was problematic especially with
  lazy_expunge plugin.
- auth: %{passdb:*} was empty in auth-worker processes
- auth-policy: hashed_password was always sent empty.
- dict-sql: Merge multiple UPDATEs to a single statement if possible.
- fts-solr: Escape {} chars when sending queries
- fts: fts_autoindex_exclude = \Special-use caused crashes
- doveadm-server: Fix leaks and other problems when process is reused
  for multiple requests (service_count != 1)
- sdbox: Fix assert-crash on mailbox create race
- lda/lmtp: deliver_log_format values weren't entirely correct if Sieve
  was used. especially %{storage_id} was broken.
- lmtp_user_concurrency_limit didn't work if userdb changed username
   2017-01-17 16:39:40 by Thomas Klausner | Files touched by this commit (2)
Log message:
Include sys/time.h for struct timeval.
Build fix for NetBSD-7.99.59.