./mail/dovecot2-gssapi, Secure IMAP and POP3 server (GSSAPI plugin)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.3.17, Package name: dovecot-gssapi-2.3.17, Maintainer: adam

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems,
written with security primarily in mind. This package contains the GSSAPI
authentication plugin.

Required to run:
[mail/dovecot2] [archivers/lz4]

Required to build:

Package options: kqueue, pam, ssl, tcpwrappers

Master sites:

Filesize: 7518.842 KB

Version history: (Expand)

CVS history: (Expand)

   2021-11-02 13:03:54 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
dovecot2: updated to 2.3.17


* Dovecot now logs a warning if time seems to jump forward at least
  100 milliseconds.
* dict: Lines logged by the dict process now contain the dict name as
  the prefix.
* lib-index: mail_cache_fields, mail_always_cache_fields and
  mail_never_cache_fields now verifies that the listed header names are
  valid. Especially the UTF8 "–" character has sometimes been wrongly
  used instead of the ASCII "-".
+ *-login: Added login_proxy_rawlog_dir setting to capture
  rawlogs between proxy and backend.
+ dict: The server process now keeps the last 10 idle dict backends
  cached for maximum of 30 seconds. Practically this acts as a
  connection pool for dict-redis and dict-ldap. Note that this doesn't
  affect dict-sql, because it already had its own internal cache.
+ doveadm: New stats add/remove commands added to support changing the
  metrics configuration on runtime.
+ lazy_expunge: Added lazy_expunge_exclude settings to disable
  lazy_expunge for specific folders. \Special-use flags can be used as
  folder names.
+ lib-lua: Added a new helper function dovecot.restrict_global_variables()
  to disable or enable defining new global variables.
- LAYOUT=index List index rebuild was missing.
- LAYOUT=index: Duplicate GUIDs were not detected.
- acl: When using acl_ignore_namespace Dovecot attempted to access or
  create dovecot-acl-list even when the namespace should have been
  ignored. For virtual namespaces this could have yielded errors about
  "Read-only file system" or "Permission denied".
- auth: Setting the "master" passdb field to empty value would
  cause proxying to fail with an authentication error.
  Now an empty "master" field is ignored.
- doveadm-server: Duplicate error lines were sent for failed commands.
  This didn't normally cause visible problems, except when using
  wildcards in usernames or -A parameter to go through multiple users.
- doveadm-server: Logs written by doveadm-server were often missing log
  prefixes, especially mail_log_prefix for mail commands. Logs sent to
  doveadm TCP client were also missing log prefixes.
- doveadm: v2.3 regression: batch command always crashes.
- doveadm: v2.3.11 regression: Commands failed if ssl_cert or
  ssl_key files weren't readable by the user running doveadm, even
  though doveadm didn't actually use these settings
- imap-hibernate: Process may crash at deinit:
  Panic: file ioloop.c: line 928 (io_loop_destroy): assertion failed:
  (ioloop->cur_ctx == NULL).
- imap: Using imap_fetch_failure=no-after can cause assert-crash
  with some IMAP commands if reading the mail fails (e.g. wrong cached
  mail size). Fixes:
  Panic: file index-mail-headers.c: line 198 (index_mail_parse_header_init):
  assertion failed: (!mail->data.header_parser_initialized)
- imap: v2.3.10 regression: When using INDEXPVT to enable private
  \Seen flags (for shared or public namespaces) the STORE command did
  not send untagged replies for the \Seen flag changes.
- imap: v2.3.15 regression: If PREVIEW/SNIPPET is not the final FETCH
  option in the command, the IMAP FETCH response is broken.
- imap: v2.3.15 regression: MOVE command leaks mailbox if it can't be
  opened and crashes at deinit:
  Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed:
  ((*user)->refcount == 1).
- imapc: Copying nonexistent mail via imapc could have crashed. Fixes:
  Panic: file mail-storage.c: line 2385 (mailbox_transaction_commit_get_changes):
  assertion failed: (ret < 0 || \ 
seq_range_count(&changes_r->saved_uids) == save_count ||
  array_count(&changes_r->saved_uids) == 0).
- indexer: v2.3.15 regression: Process crashes if indexer-client
  disconnects while it's waiting for command reply. This happened for
  example if IMAP SEARCH triggered long fts indexing and the IMAP
  client disconnected while waiting for the reply.
- indexer: v2.3.15 regression: Process may have crashed in some situations.
- indexer: v2.3.15 regression: indexer-worker processes may not have
  reached the process_limit in some situations, possibly even using just
  one indexer-worker process even though there were many indexing
  requests queued.
- lib-compression: Reading lz4 compressed mdbox mails may crash. Fixes:
  Panic: file istream.c: line 345 (i_stream_read_memarea):
  assertion failed: (!stream->blocking).
- lib-compression: bench-compress crashes due to xz being read-only.
- lib-lua: Fix linking libdict_lua for non-GNU linkers when Lua support
  is disabled.
- lib-mail: There was no limit on how large an email header name could be.
  Processable header names are now limited to 1000 bytes.
- lib-oauth2: Dovecot disallowed JWT tokens if their validity time was
  older than token creation time (nbf < iat).
- lib-storage: Reduce memory footprint of certain storage operations.
- lib-storage: When listing mailboxes with storage name escape
  characters (^ or .) as part of the mailbox name, the listing could
  show corrupted mailbox names. Due to an issue in handling escaped
  parent folders, the listing of other mailbox names would become
  corrupted by prepending parts of the previously listed mailboxes
  parent folder as prefix to the actual mailbox names. The corruption
  can occur when using LAYOUT=INDEX and maildir or obox, or when using
  the listescape plugin.
- mail-crypt: Fix "-O" argument for "doveadm mailbox cryptokey \ 
  command to be a boolean, and not expect a string.
- submission-login: Add support for not authenticating to next hop in
  submission proxying.
- submission-login: EHLO was not sent again after XCLIENT when doing
  submission proxying.
- virtual: Mailboxes do not correctly detect underlying mailboxes
  getting re-created even though they have a different UIDVALIDITY or
   2021-10-21 09:46:39 by Thomas Klausner | Files touched by this commit (77)
Log message:
*: recursive bump for heimdal 7.7.0

its buildlink3.mk now includes openssl's buildlink3.mk
   2021-01-04 15:57:19 by Takahiro Kambe | Files touched by this commit (8) | Package updated
Log message:
mail/dovecot2: update to 2.3.13

Update mail/dovecot2 pacakge to 2.3.13, including security fixes.

v2.3.13 2021-01-04	Aki Tuomi <aki.tuomi@open-xchange.com>

	* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
	  allow logged in user to access other people's emails and filesystem
	* Metric filter and global event filter variable syntax changed to a
	  SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
	* auth: Added new aliases for %{variables}. Usage of the old ones is
	  possible, but discouraged.
	* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
	  mechanism and related password schemes.
	* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
	* auth: Removed postfix postmap socket
	+ auth: Added new fields for auth server events. These fields are now
	  also available for all auth events. See
	  for details.
	+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
	  and imap_client_unhibernate_retried events. See
	  https://doc.dovecot.org/admin_manual/list_of_events/ for details.
	+ lib-index: Added new mail_index_recreated event. See
	+ lib-sql: Support TLS options for cassandra driver. This requires
	  cpp-driver v2.15 (or later) to work reliably.
	+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
	  added to existing mails if mail_attachment_detection_option=add-flags
	  and it can be done inexpensively.
	+ login proxy: Added login_proxy_max_reconnects setting (default 3) to
	  control how many reconnections are attempted.
	+ login proxy: imap/pop3/submission/managesieve proxying now supports
	  reconnection retrying on more than just connect() failure. Any error
	  except a non-temporary authentication failure will result in reconnect
	- auth: Lua passdb/userdb leaks stack elements per call, eventually
	  causing the stack to become too deep and crashing the auth or
	  auth-worker process.
	- auth: SASL authentication PLAIN mechanism could be used to trigger
	  read buffer overflow. However, this doesn't seem to be exploitable in
	  any way.
	- auth: v2.3.11 regression: GSSAPI authentication fails because dovecot
	  disallows NUL bytes for it.
	- dict: Process used too much CPU when iterating keys, because each key
	  used a separate write() syscall.
	- doveadm-server: Crash could occur if logging was done outside command
	  handling. For example http-client could have done debug logging
	  afterwards, resulting in either segfault or
	  Panic: file http-client.c: line 642 (http_client_context_close):
	  assertion failed: (cctx->clients_list == NULL).
	- doveadm-server: v2.3.11 regression: Trying to connect to doveadm server
	  process via starttls assert-crashed if there were no ssl=yes listeners:
	  Panic: file master-service-ssl.c: line 22 (master_service_ssl_init):
	  assertion failed: (service->ssl_ctx_initialized).
	- fts-solr: HTTP requests may have assert-crashed:
	  Panic: file http-client-request.c: line 1232 (http_client_request_send_more):
	  assertion failed: (req->payload_input != NULL)
	- imap: IMAP NOTIFY could crash with a segmentation fault due to a bad
	  configuration that causes errors. Sending the error responses to the
	  client can cause the segmentation fault. This can for example happen
	  when several namespaces use the same mail storage location.
	- imap: IMAP NOTIFY used on a shared namespace that doesn't actually
	  exist (e.g. public namespace for a nonexistent user) can crash with a panic:
	  Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened \ 
in (null):0
	- imap: IMAP session can crash with QRESYNC extension if many changes
	  are done before asking for expunged mails since last sync.
	- imap: Process might hang indefinitely if client disconnects after
	  sending some long-running commands pipelined, for example FETCH+LOGOUT.
	- lib-compress: Mitigate crashes when configuring a not compiled in
	  compression. Errors with compression configuration now distinguish
	  between not supported and unknown.
	- lib-compression: Using xz/lzma compression in v2.3.11 could have
	  written truncated output in some situations. This would result in
	  "Broken pipe" read errors when trying to read it back.
	- lib-compression: zstd compression could have crashed in some situations:
	  Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: \ 
	- lib-dict: dict client could have crashed in some rare situations when
	  iterating keys.
	- lib-http: Fix several assert-crashes in HTTP client.
	- lib-index: v2.3.11 regression: When mails were expunged at the same
	  time as lots of new content was being saved to the cache (e.g. cache
	  file was lost and is being re-filled) a deadlock could occur with
	  dovecot.index.cache / dovecot.index.log.
	- lib-index: v2.3.11 regression: dovecot.index.cache file was being
	  purged (rewritten) too often when it had a field that hadn't been
	  accessed for over 1 month, but less than 2 months. Every cache file
	  change caused a purging in this situation.
	- lib-mail: MIME parts were not returned correctly by Dovecot MIME parser.
	  Regression caused by fixing CVE-2020-12100.
	- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
	  was written in a way that may have caused confusion for both IMAP
	  clients and Dovecot itself when parsing it. The truncated part is now
	  written out using application/octet-stream MIME type.
	- lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the
	  10000th MIME part was message/rfc822 (or if parent was multipart/digest):
	  Panic: file message-parser.c: line 167 (message_part_append):
	  assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
	- lib-oauth2: Dovecot incorrectly required oauth2 server introspection
	  reply to contain username with invalid token.
	- lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has
	  deprecated APIs disabled.
	- lib-storage: When mail's size is different from the cached one (in
	  dovecot.index.cache or Maildir S=size in the filename), this is
	  handled by logging "Cached message size smaller/larger than expected"
	  error. However, in some situations this also ended up crashing with:
	  Panic: file istream.c: line 315 (i_stream_read_memarea):
	  assertion failed: (old_size <= _stream->pos - _stream->skip).
	- lib-storage: v2.3 regression: Copying/moving mails was taking much more
	  memory than before. This was mainly visible when copying/moving
	  thousands of mails in a single transaction.
	- lib-storage: v2.3.11 regression: Searching messages assert-crashed
	  (without FTS): Panic: file message-parser.c: line 174 (message_part_finish):
	  assertion failed: (ctx->nested_parts_count > 0).
	- lib: Dovecot v2.3 moved signal handlers around in ioloops,
	  causing more CPU usage than in v2.2.
	- lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted
	  in error if it happened to be at read boundary. Any NUL characters and
	  '\u0000' will now result in parsing error instead of silently
	  truncating the data.
	- lmtp, submission: Server may hang if SSL client connection disconnects
	  during the delivery. If this happened repeated, it could have ended
	  up reaching process_limit and preventing any further lmtp/submission
	- lmtp: Proxy does not always properly log TLS connection problems as
	  errors; in some cases, only a debug message is logged if enabled.
	- lmtp: The LMTP service can hang when commands are pipelined. This can
	  particularly occur when one command in the middle of the pipeline fails.
	  One example of this occurs for proxied LMTP transactions in which the
	  final DATA or BDAT command is pipelined after a failing RCPT command.
	- login-proxy: The login_source_ips setting has no effect, and therefore
	  the proxy source IPs are not cycled through as they should be.
	- master: Process was using 100% CPU in some situations when a broken
	  service was being throttled.
	- pop3-login: POP3 login would fail with "Input buffer full" if the
	  initial response for SASL was too long.
	- stats: Crash would occur when generating openmetrics data for metrics
	  using aggregating functions.
   2020-12-03 20:30:01 by Mark Davies | Files touched by this commit (3)
Log message:
dovecot2-gssapi: GSSAPI can contain NUL.
   2018-11-30 19:43:10 by Adam Ciarcinski | Files touched by this commit (11) | Package updated
Log message:
dovecot2: updated to 2.3.4

 * The default postmaster_address is now "postmaster@<user domain or
   server hostname>". If username contains the @domain part, that's
   used. If not, then the server's hostname is used.
 * "doveadm stats dump" now returns two decimals for the \ 
"avg" field.

 + Added push notification driver that uses a Lua script
 + Added new SQL, DNS and connection events.
   See https://wiki2.dovecot.org/Events
 + Added "doveadm mailbox cache purge" command.
 + Added events API support for Lua scripts
 + doveadm force-resync -f parameter performs "index fsck" while opening
   the index. This may be useful to fix some types of broken index files.
   This may become the default behavior in a later version.
 - director: Kicking a user crashes if login process is very slow
 - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages
   unless QUIT is sent.
 - auth: Fix crypt() segfault with glibc-2.28+
 - imap: Running UID FILTER script with errors assert-crashes
 - dsync, pop3-migration: POP3 UIDLs weren't added to
   dovecot.index.cache while mails were saved.
 - dict clients may have been using 100% CPU while waiting for dict
   server to finish commands.
 - doveadm user: Fixed user listing via HTTP API
 - All levels of Cassandra log messages were logged as Dovecot errors.
 - http/smtp client may have crashed after SSL handshake
 - Lua auth converted strings that looked like numbers into numbers.
   2018-10-23 18:29:19 by Adam Ciarcinski | Files touched by this commit (9) | Package updated
Log message:
dovecot2: updated to 2.3.3

* doveconf hides more secrets now in the default output.
* ssl_dh setting is no longer enforced at startup. If it's not set and
  non-ECC DH key exchange happens, error is logged and client is

+ Added log_debug=<filter> setting.
+ Added log_core_filter=<log filter> setting.
+ quota-clone: Write to dict asynchronously
+ --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ lmtp proxy: Support source_ip passdb extra field.
+ doveadm stats dump: Support more fields and output stddev by default.
+ push-notification: Add SSL support for OX backend.
- NUL bytes in mail headers can cause truncated replies when fetched.
- director: Conflicting host up/down state changes may in some rare
  situations ended up in a loop of two directors constantly overwriting
  each others' changes.
- director: Fix hang/crash when multiple doveadm commands are being
  handled concurrently.
- director: Fix assert-crash if doveadm disconnects too early
- virtual plugin: Some searches used 100% CPU for many seconds
- dsync assert-crashed with acl plugin in some situations.
- mail_attachment_detection_options=add-flags-on-save assert-crashed
  with some specific Sieve scripts.
- Mail snippet generation crashed with mails containing invalid
  Content-Type:multipart header.
- Log prefix ordering was different for some log lines.
- quota: With noenforcing option current quota usage wasn't updated.
- auth: Kerberos authentication against Samba assert-crashed.
- stats clients were unnecessarily chatty with the stats server.
- imapc: Fixed various assert-crashes when reconnecting to server.
- lmtp, submission: Fix potential crash if client disconnects while
  handling a command.
- quota: Fixed compiling with glibc-2.26 / support libtirpc.
- fts-solr: Empty search values resulted in 400 Bad Request errors
- fts-solr: default_ns parameter couldn't be used
- submission server crashed if relay server returned over 7 lines in
  a reply (e.g. to EHLO)
   2016-12-12 15:22:04 by Thomas Klausner | Files touched by this commit (30)
Log message:
Revert "Specify readline requirement on 30 packages"

Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
   2016-12-04 04:51:17 by John Marino | Files touched by this commit (30)
Log message:
Specify readline requirement on 30 packages

/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline

The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.