Mercurial > dovecot > core-2.2
comparison NEWS @ 22901:6bd037753856
NEWS: Update up to 2.2.34
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Mon, 19 Mar 2018 11:30:14 +0200 |
parents | f395cd665008 |
children | 0b6c9c7e7c05 |
22900:cfadc7f52953 | 22901:6bd037753856 |
---|---|
1 v2.2.34 2018-02-28 Timo Sirainen <tss@iki.fi> | |
2 | |
3 * CVE-2017-15130: TLS SNI config lookups may lead to excessive | |
4 memory usage, causing imap-login/pop3-login VSZ limit to be reached | |
5 and the process restarted. This happens only if Dovecot config has | |
6 local_name { } or local { } configuration blocks and attacker uses | |
7 randomly generated SNI servernames. | |
8 * CVE-2017-14461: Parsing invalid email addresses may cause a crash or | |
9 leak memory contents to attacker. For example, these memory contents | |
10 might contain parts of an email from another user if the same imap | |
11 process is reused for multiple users. First discovered by Aleksandar | |
12 Nikolic of Cisco Talos. Independently also discovered by "flxflndy" | |
13 via HackerOne. | |
14 * CVE-2017-15132: Aborted SASL authentication leaks memory in login | |
15 process. | |
16 * Linux: Core dumping is no longer enabled by default via | |
17 PR_SET_DUMPABLE, because this may allow attackers to bypass | |
18 chroot/group restrictions. Found by cPanel Security Team. Nowadays | |
19 core dumps can be safely enabled by using "sysctl -w | |
20 fs.suid_dumpable=2". If the old behaviour is wanted, it can still be | |
21 enabled by setting: | |
22 import_environment=$import_environment PR_SET_DUMPABLE=1 | |
23 * doveconf output now includes the hostname. | |
24 | |
25 + mail_attachment_detection_options setting controls when | |
26 $HasAttachment and $HasNoAttachment keywords are set for mails. | |
27 + imap: Support fetching body snippets using FETCH (SNIPPET) or | |
28 (SNIPPET (LAZY=FUZZY)) | |
29 + fs-compress: Automatically detect whether input is compressed or not. | |
30 Prefix the compression algorithm with "maybe-" to enable the | |
31 detection, for example: "compress:maybe-gz:6:..." | |
32 + Added settings to change dovecot.index* files' optimization behavior. | |
33 See https://wiki2.dovecot.org/IndexFiles#Settings | |
34 + Auth cache can now utilize auth workers to do password hash | |
35 verification by setting auth_cache_verify_password_with_worker=yes. | |
36 + Added charset_alias plugin. See | |
37 https://wiki2.dovecot.org/Plugins/CharsetAlias | |
38 + imap_logout_format and pop3_logout_format settings now support all of | |
39 the generic variables (e.g. %{rip}, %{session}, etc.) | |
40 + Added auth_policy_check_before_auth, auth_policy_check_after_auth | |
41 and auth_policy_report_after_auth settings. | |
42 - v2.2.33: doveadm-server: Various fixes related to log handling. | |
43 - v2.2.33: doveadm failed when trying to access UNIX socket that didn't | |
44 require authentication. | |
45 - v2.2.33: doveadm log reopen stopped working | |
46 - v2.2.30+: IMAP stopped advertising SPECIAL-USE capability | |
47 - v2.2.30+: IMAP stopped sending untagged OK/NO storage notifications | |
48 - replication: dsync sends unnecessary replication notification for | |
49 changes it does internally. NOTE: Folder creates, renames, deletes | |
50 and subscribes still trigger unnecessary replication notifications, | |
51 but these should be rather rare. | |
52 - mail_always/never_cache_fields setting changes weren't applied for | |
53 existing dovecot.index.cache files. | |
54 - Fix compiling and other problems with OpenSSL v1.1 | |
55 - auth policy: With master user logins, lookup using login username. | |
56 - FTS reindexed all mails unnecessarily after loss of | |
57 dovecot.index.cache file | |
58 - mdbox rebuild repeatedly fails with "missing map extension" | |
59 - SSL connections may have been hanging with imapc or doveadm client. | |
60 - cassandra: Using protocol v3 (Cassandra v2.1) caused memory leaks and | |
61 also timestamps weren't set to queries. | |
62 - fs-crypt silently ignored public/private keys specified in | |
63 configuration (mail_crypt_global_public/private_key) and just | |
64 emitted plaintext output. | |
65 - lock_method=dotlock caused crashes | |
66 - imapc: Reconnection may cause crashes and other errors | |
67 | |
68 v2.2.33.2 2017-10-20 Timo Sirainen <tss@iki.fi> | |
69 | |
70 - doveadm: Fix crash in proxying (or dsync replication) if remote is | |
71 running older than v2.2.33 | |
72 - auth: Fix memory leak in %{ldap_dn} | |
73 - dict-sql: Fix data types to work correctly with Cassandra | |
74 | |
75 v2.2.33.1 2017-10-10 Timo Sirainen <tss@iki.fi> | |
76 | |
77 - dovecot-lda was logging to stderr instead of to the log file. | |
78 | |
79 v2.2.33 2017-10-10 Timo Sirainen <tss@iki.fi> | |
80 | |
81 * doveadm director commands wait for the changes to be visible in the | |
82 whole ring before they return. This is especially useful in testing. | |
83 * Environments listed in import_environment setting are now set or | |
84 preserved when executing standalone commands (e.g. doveadm) | |
85 | |
86 + doveadm proxy: Support proxying logs. Previously the logs were | |
87 visible only in the backend's logs. | |
88 + Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals | |
89 + Added a new notify_status plugin, which can be used to update dict | |
90 with current status of a mailbox when it changes. See | |
91 https://wiki2.dovecot.org/Plugins/NotifyStatus | |
92 + Mailbox list index can be disabled for a namespace by appending | |
93 ":LISTINDEX=" to location setting. | |
94 + dsync/imapc: Added dsync_hashed_headers setting to specify which | |
95 headers are used to match emails. | |
96 + pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore | |
97 mails that are visible in POP3 but not IMAP. This could happen if | |
98 new mails were delivered during the migration run. | |
99 + pop3-migration: Further improvements to help with Zimbra | |
100 + pop3-migration: Cache POP3 UIDLs in imapc's dovecot.index.cache | |
101 if indexes are enabled. These are used to optimize incremental syncs. | |
102 + cassandra, dict-sql: Use prepared statements if protocol version>3. | |
103 + auth: Added %{ldap_dn} variable for passdb/userdb ldap | |
104 - acl: The "create" (k) permission in global acl-file was sometimes | |
105 ignored, allowing users to create mailboxes when they shouldn't have. | |
106 - sdbox: Mails were always opened when expunging, unless | |
107 mail_attachment_fs was explicitly set to empty. | |
108 - lmtp/doveadm proxy: hostip passdb field was ignored, which caused | |
109 unnecessary DNS lookups if host field wasn't an IP | |
110 - lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO | |
111 - quota_clone: Update also when quota is unlimited (broken in v2.2.31) | |
112 - mbox, zlib: Fix assert-crash when accessing compressed mbox | |
113 - doveadm director kick -f parameter didn't work | |
114 - doveadm director flush <host> resulted flushing all hosts, if <host> | |
115 wasn't an IP address. | |
116 - director: Various fixes to handling backend/director changes at | |
117 abnormal times, especially while ring was unsynced. These could have | |
118 resulted in crashes, non-optimal behavior or ignoring some of the | |
119 changes. | |
120 - director: Use less CPU in imap-login processes when moving/kicking | |
121 many users. | |
122 - lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs | |
123 when lmtp_rcpt_check_quota=yes | |
124 - doveadm sync -1 fails when local mailboxes exist that do not exist | |
125 remotely. This commonly happened when lazy_expunge mailbox was | |
126 autocreated when incremental sync expunged mails. | |
127 - pop3: rawlog_dir setting didn't work | |
128 | |
129 | |
130 v2.2.32 2017-08-24 Timo Sirainen <tss@iki.fi> | |
131 | |
132 * imapc: Info-level line is logged every time when successfully | |
133 connected to the remote server. This includes local/remote IP/port, | |
134 which can be useful for matching against external logs. | |
135 * config: Log a warning if plugin { key=no } is used explicitly. | |
136 v2.3 will support "no" properly in plugin settings, but for now | |
137 any value at all for a boolean plugin setting is treated as "yes", | |
138 even if it's written as explicit "no". This change will now warn | |
139 that it most likely won't work as intended. | |
140 | |
141 + Various optimizations to avoid accessing files/directories when it's | |
142 not necessary. Especially avoid accessing mail root directories when | |
143 INDEX directories point to a different filesystem. | |
144 + mail_location can now include ITERINDEX parameter. This tells Dovecot | |
145 to perform mailbox listing from the INDEX path instead of from the | |
146 mail root path. It's mainly useful when the INDEX storage is on a | |
147 faster storage. | |
148 + mail_location can now include VOLATILEDIR=<path> parameter. This | |
149 is used for creating lock files and in future potentially other | |
150 files that don't need to exist permanently. The path could point to | |
151 tmpfs for example. This is especially useful to avoid creating lock | |
152 files to NFS or other remote filesystems. For example: | |
153 mail_location=sdbox:~/sdbox:VOLATILEDIR=/tmp/volatile/%2.256Nu/%u | |
154 + mail_location's LISTINDEX=<path> can now contain a full path. | |
155 This allows storing mailbox list index to a different storage | |
156 than the rest of the indexes, for example to tmpfs. | |
157 + mail_location can now include NO-NOSELECT parameter. This | |
158 automatically deletes any \NoSelect mailboxes that have no children. | |
159 These mailboxes are sometimes confusing to users. | |
160 + mail_location can now include BROKENCHAR=<char> parameter. This can | |
161 be useful with imapc to access mailbox names that aren't valid mUTF-7 | |
162 charset from remote servers. | |
163 + If mailbox_list_index_very_dirty_syncs=yes, the list index is no | |
164 longer refreshed against filesystem when listing mailboxes. This | |
165 allows the mailbox listing to be done entirely by only reading the | |
166 mailbox list index. | |
167 + Added mailbox_list_index_include_inbox setting to control whether | |
168 INBOX's STATUS information should be cached in the mailbox list | |
169 index. The default is "no", but it may be useful to change it to | |
170 "yes", especially if LISTINDEX points to tmpfs. | |
171 + userdb can return chdir=<path>, which override mail_home for the | |
172 chdir location. This can be useful to avoid accessing home directory | |
173 on login. | |
174 + userdb can return postlogin=<socket> to specify per-user imap/pop3 | |
175 postlogin socket path. | |
176 + cassandra: Add support for result paging by adding page_size=<n> | |
177 parameter to the connect setting. | |
178 + dsync/imapc, pop3-migration plugin: Strip also trailing tabs from | |
179 headers when matching mails. This helps with migrations from Zimbra. | |
180 + imap_logout_format supports now %{appended} and %{autoexpunged} | |
181 + virtual plugin: Optimize IDLE to use mailbox list index for finding | |
182 out when something has changed. | |
183 + Added apparmor plugin. See https://wiki2.dovecot.org/Plugins/Apparmor | |
184 - virtual plugin: A lot of fixes. In many cases it was also working | |
185 very inefficiently or even incorrectly. | |
186 - imap: NOTIFY parameter parsing was incorrectly "fixed" in v2.2.31. | |
187 It was actually (mostly) working in previous versions, but broken | |
188 in v2.2.31. | |
189 - Modseq tracking didn't always work correctly. This could have caused | |
190 imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to | |
191 not work perfectly. | |
192 - mdbox: "Inconsistency in map index" wasn't fixed automatically | |
193 - dict-ldap: %variable values used in the LDAP filter weren't escaped. | |
194 - quota=count: quota_warning = -storage=.. was never executed (try #2). | |
195 v2.2.31 fixed it for -messages, but not for -storage. | |
196 - imapc: >= 32 kB mail bodies were supposed to be cached for subsequent | |
197 FETCHes, but weren't. | |
198 - quota-status service didn't support recipient_delimiter | |
199 - acl: Don't access dovecot-acl-list files with acl_globals_only=yes | |
200 - mail_location: If INDEX dir is set, mailbox deletion deletes its | |
201 childrens' indexes. For example if "box" is deleted, "box/child" | |
202 index directory was deleted as well (but mails were preserved). | |
203 - director: v2.2.31 caused rapid reconnection loops to directors | |
204 that were down. | |
205 | |
206 v2.2.31 2017-06-26 Timo Sirainen <tss@iki.fi> | |
207 | |
208 * LMTP: Removed "(Dovecot)" from added Received headers. Some | |
209 installations want to hide it, and there's not really any good reason | |
210 for anyone to have it. | |
211 | |
212 + Add ssl_alt_cert and ssl_alt_key settings to add support for | |
213 having both RSA and ECDSA certificates. | |
214 + dsync/imapc, pop3-migration plugin: Strip trailing whitespace from | |
215 headers when matching mails. This helps with migrations from Zimbra. | |
216 + acl: Add acl_globals_only setting to disable looking up | |
217 per-mailbox dovecot-acl files. | |
218 + Parse invalid message addresses better. This mainly affects the | |
219 generated IMAP ENVELOPE replies. | |
220 - v2.2.30 wasn't fixing corrupted dovecot.index.cache files properly. | |
221 It could have deleted wrong mail's cache or assert-crashed. | |
222 - v2.2.30 mail-crypt-acl plugin was assert-crashing | |
223 - v2.2.30 welcome plugin wasn't working | |
224 - Various fixes to handling mailbox listing. Especially related to | |
225 handling nonexistent autocreated/autosubscribed mailboxes and ACLs. | |
226 - Global ACL file was parsed as if it was local ACL file. This caused | |
227 some of the ACL rule interactions to not work exactly as intended. | |
228 - auth: forward_* fields didn't work properly: Only the first forward | |
229 field was working, and only if the first passdb lookup succeeded. | |
230 - Using mail_sort_max_read_count sometimes caused "Broken sort-* | |
231 indexes, resetting" errors. | |
232 - Using mail_sort_max_read_count may have caused very high CPU usage. | |
233 - Message address parsing could have crashed on invalid input. | |
234 - imapc_features=fetch-headers wasn't always working correctly and | |
235 caused the full header to be fetched. | |
236 - imapc: Various bugfixes related to connection failure handling. | |
237 - quota=imapc sent unnecessary FETCH RFC822.SIZE to server when | |
238 expunging mails. | |
239 - quota=count: quota_warning = -storage=.. was never executed | |
240 - quota=count: Add support for "ns" parameter | |
241 - dsync: Fix incremental syncing for mails that don't have Date or | |
242 Message-ID headers. | |
243 - imap: Fix hang when client sends pipelined SEARCH + | |
244 EXPUNGE/CLOSE/LOGOUT. | |
245 - oauth2: Token validation didn't accept empty server responses. | |
246 - imap: NOTIFY command has been almost completely broken since the | |
247 beginning. I guess nobody has been trying to use it. | |
248 | |
249 | |
250 v2.2.30.2 2017-06-06 Timo Sirainen <tss@iki.fi> | |
251 | |
252 - auth: Multiple failed authentications within short time caused | |
253 crashes | |
254 - push-notification: OX driver crashed at deinit | |
255 | |
256 v2.2.30.1 2017-05-31 Timo Sirainen <tss@iki.fi> | |
257 | |
258 - quota_warning scripts weren't working in v2.2.30 | |
259 - vpopmail still wasn't compiling | |
260 | |
261 v2.2.30 2017-05-30 Timo Sirainen <tss@iki.fi> | |
262 | |
263 * auth: Use timing safe comparisons for everything related to | |
264 passwords. It's unlikely that these could have been used for | |
265 practical attacks, especially because Dovecot delays and flushes all | |
266 failed authentications in 2 second intervals. Also it could have | |
267 worked only when passwords were stored in plaintext in the passdb. | |
268 * master process sends SIGQUIT to all running children at shutdown, | |
269 which instructs them to close all the socket listeners immediately. | |
270 This way restarting Dovecot should no longer fail due to some | |
271 processes keeping the listeners open for a long time. | |
272 | |
273 + auth: Add passdb { mechanisms=none } to match separate passdb lookup | |
274 + auth: Add passdb { username_filter } to use passdb only if user | |
275 matches the filter. See https://wiki2.dovecot.org/PasswordDatabase | |
276 + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit | |
277 the transaction after saving this many new messages. Because of the | |
278 way dsync works, it may not always be possible if mails are copied | |
279 or UIDs need to change. | |
280 + imapc: Support imapc_features=search without ESEARCH extension. | |
281 + imapc: Add imapc_features=fetch-bodystructure to pass through remote | |
282 server's FETCH BODY and BODYSTRUCTURE. | |
283 + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the | |
284 remote server. | |
285 + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters. | |
286 + If dovecot.index.cache corruption is detected, reset only the one | |
287 corrupted mail instead of the whole file. | |
288 + doveadm mailbox status: Add "firstsaved" field. | |
289 + director_flush_socket: Add old host's up/down and vhost count as parameters | |
290 - More fixes to automatically fix corruption in dovecot.list.index | |
291 - dsync-server: Fix support for dsync_features=empty-header-workaround | |
292 - imapc: Various bugfixes, including infinite loops on some errors | |
293 - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't | |
294 enabled modseq tracking via CONDSTORE/QRESYNC. | |
295 - fts-lucene: Fix it to work again with mbox format | |
296 - Some internal error messages may have contained garbage in v2.2.29 | |
297 - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys | |
298 are used. Otherwise the copied mails can't be opened. | |
299 - vpopmail: Fix compiling | |
300 | |
301 v2.2.29.1 2017-04-12 Timo Sirainen <tss@iki.fi> | |
302 | |
303 - imapc reconnection fix was forgotten from 2.2.29 release, which also | |
304 made "make check" fail in a unit test | |
305 - dict-sql: Merging multiple UPDATEs to a single statement wasn't | |
306 actually working. | |
307 - Fixed building with vpopmail | |
308 | |
309 v2.2.29 2017-04-10 Timo Sirainen <tss@iki.fi> | |
310 | |
311 * passdb/userdb dict: Don't double-expand %variables in keys. If dict | |
312 was used as the authentication passdb, using specially crafted | |
313 %variables in the username could be used to cause DoS (CVE-2017-2669) | |
314 * When Dovecot encounters an internal error, it logs the real error and | |
315 usually logs another line saying what function failed. Previously the | |
316 second log line's error message was a rather uninformative "Internal | |
317 error occurred. Refer to server log for more information." Now the | |
318 real error message is duplicated in this second log line. | |
319 * lmtp: If a delivery has multiple recipients, run autoexpunging only | |
320 for the last recipient. This avoids a problem where a long | |
321 autoexpunge run causes LMTP client to timeout between the DATA | |
322 replies, resulting in duplicate mail deliveries. | |
323 * config: Don't stop the process due to idling. Otherwise the | |
324 configuration is reloaded when the process restarts. | |
325 * mail_log plugin: Differentiate autoexpunges from regular expunges | |
326 * imapc: Use LOGOUT to cleanly disconnect from server. | |
327 * lib-http: Internal status codes (>9000) are no longer visible in logs | |
328 * director: Log vhost count changes and HOST-UP/DOWN | |
329 | |
330 + quota: Add plugin { quota_max_mail_size } setting to limit the | |
331 maximum individual mail size that can be saved. | |
332 + imapc: Add imapc_features=delay-login. If set, connecting to the | |
333 remote IMAP server isn't done until it's necessary. | |
334 + imapc: Add imapc_connection_retry_count and | |
335 imapc_connection_retry_interval settings. | |
336 + imap, pop3, indexer-worker: Add (deinit) to process title before | |
337 autoexpunging runs. | |
338 + Added %{encrypt} and %{decrypt} variables | |
339 + imap/pop3 proxy: Log proxy state in errors as human-readable string. | |
340 + imap/pop3-login: All forward_* extra fields returned by passdb are | |
341 sent to the next hop when proxying using ID/XCLIENT commands. On the | |
342 receiving side these fields are imported and sent to auth process | |
343 where they're accessible via %{passdb:forward_*}. This is done only | |
344 if the sending IP address matches login_trusted_networks. | |
345 + imap-login: If imap_id_retain=yes, send the IMAP ID string to | |
346 auth process. %{client_id} expands to it in auth process. The ID | |
347 string is also sent to the next hop when proxying. | |
348 + passdb imap: Use ssl_client_ca_* settings for CA validation. | |
349 - fts-tika: Fixed crash when parsing attachment without | |
350 Content-Disposition header. Broken by 2.2.28. | |
351 - trash plugin was broken in 2.2.28 | |
352 - auth: When passdb/userdb lookups were done via auth-workers, too much | |
353 data was added to auth cache. This could have resulted in wrong | |
354 replies when using multiple passdbs/userdbs. | |
355 - auth: passdb { skip & mechanisms } were ignored for the first passdb | |
356 - oauth2: Various fixes, including fixes to crashes | |
357 - dsync: Large Sieve scripts (or other large metadata) weren't always | |
358 synced. | |
359 - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent | |
360 - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix | |
361 - doveadm: Exit codes weren't preserved when proxying commands via | |
362 doveadm-server. Almost all errors used exit code 75 (tempfail). | |
363 - ACLs weren't applied to not-yet-existing autocreated mailboxes. | |
364 - Fixed a potential crash when parsing a broken message header. | |
365 - cassandra: Fallback consistency settings weren't working correctly. | |
366 - doveadm director status <user>: "Initial config" was always empty | |
367 - imapc: Various reconnection fixes. | |
368 | |
369 v2.2.28 2017-02-24 Timo Sirainen <tss@iki.fi> | |
370 | |
371 * director: "doveadm director move" to same host now refreshes user's | |
372 timeout. This allows keeping user constantly in the same backend by | |
373 just periodically moving the user there. | |
374 * When new mailbox is created, use initially INBOX's | |
375 dovecot.index.cache caching decisions. | |
376 * Expunging mails writes GUID to dovecot.index.log now only if the | |
377 GUID is quickly available from index/cache. | |
378 * pop3c: Increase timeout for PASS command to 5 minutes. | |
379 * Mail access errors are no longer ignored when searching or sorting. | |
380 With IMAP the untagged SEARCH/SORT reply is still sent the same as | |
381 before, but NO reply is returned instead of OK. | |
382 | |
383 + Make dovecot.list.index's filename configurable. This is needed when | |
384 there are multiple namespaces pointing to the same mail root | |
385 (e.g. lazy_expunge namespace for mdbox). | |
386 + Add size.virtual to dovecot.index when folder vsizes are accessed | |
387 (e.g. quota=count). This is mainly a workaround to avoid slow quota | |
388 recalculation performance when message sizes get lost from | |
389 dovecot.index.cache due to corruption or some other reason. | |
390 + auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them | |
391 in lib-dsasl for client side. | |
392 + auth: Support filtering by SASL mechanism: passdb { mechanisms } | |
393 + Shrink the mail processes' memory usage by not storing settings | |
394 duplicated unnecessarily many times. | |
395 + imap: Add imap_fetch_failure setting to control what happens when | |
396 FETCH fails for some mails (see example-config). | |
397 + imap: Include info about last command in disconnection log line. | |
398 + imap: Created new SEARCH=X-MIMEPART extension. It's currently not | |
399 advertised by default, since it's not fully implemented. | |
400 + fts-solr: Add support for basic authentication. | |
401 + Cassandra: Support automatically retrying failed queries if | |
402 execution_retry_interval and execution_retry_times are set. | |
403 + doveadm: Added "mailbox path" command. | |
404 + mail_log plugin: If plugin { mail_log_cached_only=yes }, log the | |
405 wanted fields only if it doesn't require opening the email. | |
406 + mail_vsize_bg_after_count setting added (see example-config). | |
407 + mail_sort_max_read_count setting added (see example-config). | |
408 + pop3c: Added pop3c_features=no-pipelining setting to prevent using | |
409 PIPELINING extension even though it's advertised. | |
410 | |
411 - Index files: day_first_uid wasn't updated correctly since v2.2.26. | |
412 This caused dovecot.index.cache to be non-optimal. | |
413 - imap: SEARCH/SORT may have assert-crashed in | |
414 client_check_command_hangs | |
415 - imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes. | |
416 - imap: Running time in tagged command reply was often wrongly 0. | |
417 - search: Using NOT n:* or NOT UID n:* wasn't handled correctly | |
418 - director: doveadm director kick was broken | |
419 - director: Fix crash when using director_flush_socket | |
420 - director: Fix some bugs when moving users between backends | |
421 - imapc: Various error handling fixes and improvements | |
422 - master: doveadm process status output had a lot of duplicates. | |
423 - autoexpunge: If mailbox's rename timestamp is newer than mail's | |
424 save-timestamp, use it instead. This is useful when autoexpunging | |
425 e.g. Trash/* and an entire mailbox is deleted by renaming it under | |
426 Trash to prevent it from being autoexpunged too early. | |
427 - autoexpunge: Multiple processes may have been trying to expunge the | |
428 same mails simultaneously. This was problematic especially with | |
429 lazy_expunge plugin. | |
430 - auth: %{passdb:*} was empty in auth-worker processes | |
431 - auth-policy: hashed_password was always sent empty. | |
432 - dict-sql: Merge multiple UPDATEs to a single statement if possible. | |
433 - fts-solr: Escape {} chars when sending queries | |
434 - fts: fts_autoindex_exclude = \Special-use caused crashes | |
435 - doveadm-server: Fix leaks and other problems when process is reused | |
436 for multiple requests (service_count != 1) | |
437 - sdbox: Fix assert-crash on mailbox create race | |
438 - lda/lmtp: deliver_log_format values weren't entirely correct if Sieve | |
439 was used. especially %{storage_id} was broken. | |
440 - lmtp_user_concurrency_limit didn't work if userdb changed username | |
441 | |
442 v2.2.27 2016-12-03 Timo Sirainen <tss@iki.fi> | |
443 | |
444 * dovecot.list.index.log rotation sizes/times were changed so that | |
445 the .log file stays smaller and .log.2 is deleted sooner. | |
446 | |
447 + Added mail_crypt plugin that allows encryption of stored emails. | |
448 See http://wiki2.dovecot.org/Plugins/MailCrypt | |
449 + stats: Global stats can be sent to Carbon server by setting | |
450 stats_carbon_server=ip:port | |
451 + imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send | |
452 ID/XCLIENT | |
453 + Added generic hash modifier for %variables: | |
454 %{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field} | |
455 Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. | |
456 Also "pkcs5" is supported using SHA256. For example: %{sha256:user} | |
457 or %{md5;truncate=32:user}. | |
458 + Added support for SHA3-256 and SHA3-512 hashes. | |
459 + config: Support DNS wildcards in local_name, e.g. | |
460 local_name *.example.com { .. } matches anything.example.com, but | |
461 not multiple.anything.example.com. | |
462 + config: Support multiple names in local_name, e.g. | |
463 local_name "1.example.com 2.example.com" { .. } | |
464 - Fixed crash in auth process when auth-policy was configured and | |
465 authentication was aborted/failed without a username set. | |
466 - director: If two users had different tags but the same hash, | |
467 the users may have been redirected to the wrong tag's hosts. | |
468 - Index files may have been thought incorrectly lost, causing | |
469 "Missing middle file seq=.." to be logged and index rebuild. | |
470 This happened more easily with IMAP hibernation enabled. | |
471 - Various fixes to restoring state correctly in un-hibernation. | |
472 - dovecot.index files were commonly 4 bytes per email too large. This | |
473 is because 3 bytes per email were being wasted that could have been | |
474 used for IMAP keywords. | |
475 - Various fixes to handle dovecot.list.index corruption better. | |
476 - lib-fts: Fixed assert-crash in address tokenizer with specific input. | |
477 - Fixed assert-crash in HTML to text parsing with specific input | |
478 (e.g. for FTS indexing or snippet generation) | |
479 - doveadm sync -1: Fixed handling mailbox GUID conflicts. | |
480 - sdbox, mdbox: Perform full index rebuild if corruption is detected | |
481 inside lib-index, which runs index fsck. | |
482 - quota: Don't skip quota checks when moving mails between different | |
483 quota roots. | |
484 - search: Multiple sequence sets or UID sets in search parameters | |
485 weren't handled correctly. They were incorrectly merged together. | |
486 | |
487 v2.2.26.0 2016-10-28 Timo Sirainen <tss@iki.fi> | |
488 | |
489 - Fixed some compiling issues. | |
490 - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and | |
491 multiple passdbs. | |
492 - auth: Fixed crash when exporting to auth-worker passdb extra fields | |
493 that had empty values. | |
494 - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit | |
495 | |
496 v2.2.26 2016-10-27 Timo Sirainen <tss@iki.fi> | |
497 | |
498 * master: Removed hardcoded 511 backlog limit for listen(). The kernel | |
499 should limit this as needed. | |
500 * doveadm import: Source user is now initialized the same as target | |
501 user. Added -U parameter to override the source user. | |
502 * Mailbox names are no longer limited to 16 hierarchy levels. We'll | |
503 check another way to make sure mailbox names can't grow larger than | |
504 4096 bytes. | |
505 | |
506 + Added a concept of "alternative usernames" by returning user_* extra | |
507 field(s) in passdb. doveadm proxy list shows these alt usernames in | |
508 "doveadm proxy list" output. "doveadm director&proxy kick" adds | |
509 -f <passdb field> parameter. The alt usernames don't have to be | |
510 unique, so this allows creation of user groups and kicking them in | |
511 one command. | |
512 + auth: passdb/userdb dict allows now %variables in key settings. | |
513 + auth: If passdb returns noauthenticate=yes extra field, assume that | |
514 it only set extra fields and authentication wasn't actually performed. | |
515 + auth: passdb static now supports password={scheme} prefix. | |
516 + auth, login_log_format_elements: Added %{local_name} variable, which | |
517 expands to TLS SNI hostname if given. | |
518 + imapc: Added imapc_max_line_length to limit maximum memory usage. | |
519 + imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic logs. | |
520 This replaces at least partially the rawlog plugin. | |
521 + dsync: Added dsync_features=empty-header-workaround setting. This | |
522 makes incremental dsyncs work better for servers that randomly return | |
523 empty headers for mails. When an empty header is seen for an existing | |
524 mail, dsync assumes that it matches the local mail. | |
525 + doveadm sync/backup: Added -I <max size> parameter to skip too | |
526 large mails. | |
527 + doveadm sync/backup: Fixed -t parameter and added -e for "end date". | |
528 + doveadm mailbox metadata: Added -s parameter to allow accessing | |
529 server metadata by using empty mailbox name. | |
530 + Added "doveadm service status" and "doveadm process status" commands. | |
531 + director: Added director_flush_socket. See | |
532 http://wiki2.dovecot.org/Director#Flush_socket | |
533 + doveadm director flush: Users are now moved only max 100 at a time to | |
534 avoid load spikes. --max-parallel parameter overrides this. | |
535 + Added FILE_LOCK_SLOW_WARNING_MSECS environment, which logs a warning | |
536 if any lock is waited on or kept for this many milliseconds. | |
537 | |
538 - master process's listener socket was leaked to all child processes. | |
539 This might have allowed untrusted processes to capture and prevent | |
540 "doveadm service stop" comands from working. | |
541 - login proxy: Fixed crash when outgoing SSL connections were hanging. | |
542 - auth: userdb fields weren't passed to auth-workers, so %{userdb:*} | |
543 from previous userdbs didn't work there. | |
544 - auth: Each userdb lookup from cache reset its TTL. | |
545 - auth: Fixed auth_bind=yes + sasl_bind=yes to work together | |
546 - auth: Blocking userdb lookups reset extra fields set by previous | |
547 userdbs. | |
548 - auth: Cache keys didn't include %{passdb:*} and %{userdb:*} | |
549 - auth-policy: Fixed crash due to using already-freed memory if policy | |
550 lookup takes longer than auth request exists. | |
551 - lib-auth: Unescape passdb/userdb extra fields. Mainly affected | |
552 returning extra fields with LFs or TABs. | |
553 - lmtp_user_concurrency_limit>0 setting was logging unnecessary | |
554 anvil errors. | |
555 - lmtp_user_concurrency_limit is now checked before quota check with | |
556 lmtp_rcpt_check_quota=yes to avoid unnecessary quota work. | |
557 - lmtp: %{userdb:*} variables didn't work in mail_log_prefix | |
558 - autoexpunge settings for mailboxes with wildcards didn't work when | |
559 namespace prefix was non-empty. | |
560 - Fixed writing >2GB to iostream-temp files (used by fs-compress, | |
561 fs-metawrap, doveadm-http) | |
562 - director: Ignore duplicates in director_servers setting. | |
563 - director: Many fixes related to connection handshaking, user moving | |
564 and error handling. | |
565 - director: Don't break with shutdown_clients=no | |
566 - zlib, IMAP BINARY: Fixed internal caching when accessing multiple | |
567 newly created mails. They all had UID=0 and the next mail could have | |
568 wrongly used the previously cached mail. | |
569 - doveadm stats reset wasn't reseting all the stats. | |
570 - auth_stats=yes: Don't update num_logins, since it doubles them when | |
571 using with mail stats. | |
572 - quota count: Fixed deadlocks when updating vsize header. | |
573 - dict-quota: Fixed crashes happening due to memory corruption. | |
574 - dict proxy: Fixed various timeout-related bugs. | |
575 - doveadm proxying: Fixed -A and -u wildcard handling. | |
576 - doveadm proxying: Fixed hangs and bugs related to printing. | |
577 - imap: Fixed wrongly triggering assert-crash in | |
578 client_check_command_hangs. | |
579 - imap proxy: Don't send ID command pipelined with nopipelining=yes | |
580 - imap-hibernate: Don't execute quota_over_script or last_login after | |
581 un-hibernation. | |
582 - imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in one | |
583 IP packet. | |
584 - imap-hibernate: Fixed various failures when un-hibernating. | |
585 - fts: fts_autoindex=yes was broken in 2.2.25 unless | |
586 fts_autoindex_exclude settings existed. | |
587 - fts-solr: Fixed searching multiple mailboxes (patch by x16a0) | |
588 - doveadm fetch body.snippet wasn't working in 2.2.25. Also fixed a | |
589 crash with certain emails. | |
590 - pop3-migration + dbox: Various fixes related to POP3 UIDL | |
591 optimization in 2.2.25. | |
592 - pop3-migration: Fixed "truncated email header" workaround. | |
593 | |
594 v2.2.25 2016-07-01 Timo Sirainen <tss@iki.fi> | |
595 | |
596 * lmtp: Start tracking lmtp_user_concurrency_limit and reject already | |
597 at RCPT TO stage. This avoids MTA unnecessarily completing DATA only | |
598 to get an error. | |
599 * doveadm: Previously only mail settings were read from protocol | |
600 doveadm { .. } section. Now all settings are. | |
601 | |
602 + quota: Added quota_over_flag_lazy_check setting. It avoids checking | |
603 quota_over_flag always at startup. Instead it's checked only when | |
604 quota is being read for some other purpose. | |
605 + auth: Added a new auth policy service: | |
606 http://wiki2.dovecot.org/Authentication/Policy | |
607 + auth: Added PBKDF2 password scheme | |
608 + auth: Added %{auth_user}, %{auth_username} and %{auth_domain} | |
609 + auth: Added ":remove" suffix to extra field names to remove them. | |
610 + auth: Added "delay_until=<timestamp>[+<max random secs>]" passdb | |
611 extra field. The auth will wait until <timestamp> and optionally some | |
612 randomness and then return success. | |
613 + dict proxy: Added idle_msecs=<n> parameter. Support async operations. | |
614 + Performance improvements for handling large mailboxes. | |
615 + Added lib-dcrypt API for providing cryptographic functions. | |
616 + Added "doveadm mailbox update" command | |
617 + imap commands' output now includes timing spent on the "syncing" | |
618 stage if it's larger than 0. | |
619 + cassandra: Added metrics=<path> to connect setting to output internal | |
620 statistics in JSON format every second to <path>. | |
621 + doveadm mailbox delete: Added -e parameter to delete only empty | |
622 mailboxes. Added --unsafe option to quickly delete a mailbox, | |
623 bypassing lazy_expunge and quota plugins. | |
624 + doveadm user & auth cache flush are now available via doveadm-server. | |
625 + doveadm service stop <services> will stop specified services while | |
626 leaving the rest of Dovecot running. | |
627 + quota optimization: Avoid reading mail sizes for backends which | |
628 don't need them (count, fs, dirsize) | |
629 + Added mailbox { autoexpunge_max_mails=<n> } setting. | |
630 + Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome | |
631 + fts: Added fts_autoindex_exclude setting. | |
632 - v2.2.24's MIME parser was assert-crashing on mails having truncated | |
633 MIME headers. | |
634 - auth: With multiple userdbs the final success/failure result wasn't | |
635 always correct. The last userdb's result was always used. | |
636 - doveadm backup was sometimes deleting entire mailboxes unnecessarily. | |
637 - doveadm: Command -parameters weren't being sent to doveadm-server. | |
638 - If dovecot.index read failed e.g. because mmap() reached VSZ limit, | |
639 an empty index could have been opened instead, corrupting the | |
640 mailbox state. | |
641 - imapc: Fixed EXPUNGE handling when imapc_features didn't have modseq. | |
642 - lazy-expunge: Fixed a crash when copying failed. Various other fixes. | |
643 - fts-lucene: Fixed crash on index rescan. | |
644 - auth_stats=yes produced broken output | |
645 - dict-ldap: Various fixes | |
646 - dict-sql: NULL values crashed. Now they're treated as "not found". | |
647 | |
648 v2.2.24 2016-04-26 Timo Sirainen <tss@iki.fi> | |
649 | |
650 * doveconf now warns if it sees a global setting being changed when | |
651 the same setting was already set inside some filters. (A common | |
652 mistake has been adding more plugins to a global mail_plugins | |
653 setting after it was already set inside protocol { .. }, which | |
654 caused the global setting to be ignored for that protocol.) | |
655 * LMTP proxy: Increased default timeout 30s -> 125s. This makes it | |
656 less likely to reach the timeout and cause duplicate deliveries. | |
657 * LMTP and indexer now append ":suffix" to session IDs to make it | |
658 unique for the specific user's delivery. (Fixes duplicate session | |
659 ID warnings in stats process.) | |
660 | |
661 + Added dict-ldap for performing read-only LDAP dict lookups. | |
662 + lazy-expunge: All mails can be saved to a single specified mailbox. | |
663 + mailbox { autoexpunge } supports now wildcards in mailbox names. | |
664 + doveadm HTTP API: Added support for proxy commands | |
665 + imapc: Reconnect when getting disconnected in non-selected state. | |
666 + imapc: Added imapc_features=modseq to access MODSEQs/HIGHESTMODSEQ. | |
667 This is especially useful for incremental dsync. | |
668 + doveadm auth/user: Auth lookup performs debug logging if | |
669 -o auth_debug=yes is given to doveadm. | |
670 + Added passdb/userdb { auth_verbose=yes|no } setting. | |
671 + Cassandra: Added user, password, num_threads, connect_timeout and | |
672 request_timeout settings. | |
673 + doveadm user -e <value>: Print <value> with %variables expanded. | |
674 - Huge header lines could have caused Dovecot to use too much memory | |
675 (depending on config and used IMAP commands). (Typically this would | |
676 result in only the single user's process dying with out of memory | |
677 due to reaching service { vsz_limit } - not a global DoS). | |
678 - dsync: Detect and handle invalid/stale -s state string better. | |
679 - dsync: Fixed crash caused by specific mailbox renames | |
680 - auth: Auth cache is now disabled passwd-file. It was unnecessary and | |
681 it broke %variables in extra fields. | |
682 - fts-tika: Don't crash if it returns 500 error | |
683 - dict-redis: Fixed timeout handling | |
684 - SEARCH INTHREAD was crashing | |
685 - stats: Only a single fifo_listeners was supported, making it | |
686 impossible to use both auth_stats=yes and mail stats plugin. | |
687 - SSL errors were logged in separate "Stacked error" log lines | |
688 instead of as part of the disconnection reason. | |
689 - MIME body parser didn't handle properly when a child MIME part's | |
690 --boundary had the same prefix as the parent. | |
691 | |
692 v2.2.23 2016-03-30 Timo Sirainen <tss@iki.fi> | |
693 | |
694 - Various fixes to doveadm. Especially running commands via | |
695 doveadm-server was broken. | |
696 - director: Fixed user weakness getting stuck in some situations | |
697 - director: Fixed a situation where directors keep re-sending | |
698 different states to each others and never becoming synced. | |
699 - director: Fixed assert-crash related to a slow "user killed" reply | |
700 - Fixed assert-crash related to istream-concat, which could have | |
701 been triggered at least by a Sieve script. | |
702 | |
703 v2.2.22 2016-03-16 Timo Sirainen <tss@iki.fi> | |
704 | |
705 + Added doveadm HTTP API: See | |
706 http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP | |
707 + virtual plugin: Mailbox filtering can now be done based on the | |
708 mailbox metadata. See http://wiki2.dovecot.org/Plugins/Virtual | |
709 + stats: Added doveadm stats reset to reset global stats. | |
710 + stats: Added authentication statistics if auth_stats=yes. | |
711 + dsync, imapc, pop3c & pop3-migration: Many optimizations, | |
712 improvements and error handling fixes. | |
713 + doveadm: Most commands now stop soon after SIGINT/SIGTERM. | |
714 - auth: Auth caching was done too aggressively when %variables were | |
715 used in default_fields, override_fields or LDAP pass/user_attrs. | |
716 userdb result_* were also ignored when user was found from cache. | |
717 - imap: Fixed various assert-crashes caused v2.2.20+. Some of them | |
718 caught actual hangs or otherwise unwanted behavior towards IMAP | |
719 clients. | |
720 - Expunges were forgotten in some situations, for example when | |
721 pipelining multiple IMAP MOVE commands. | |
722 - quota: Per-namespaces quota were broken for dict and count backends | |
723 in v2.2.20+ | |
724 - fts-solr: Search queries were using OR instead of AND as the | |
725 separator for multi-token search queries in v2.2.20+. | |
726 - Single instance storage support wasn't really working in v2.2.16+ | |
727 - dbox: POP3 message ordering wasn't working correctly. | |
728 - virtual plugin: Fixed crashes related to backend mailbox deletions. | |
729 | |
1 v2.2.21 2015-12-11 Timo Sirainen <tss@iki.fi> | 730 v2.2.21 2015-12-11 Timo Sirainen <tss@iki.fi> |
2 | 731 |
3 - doveadm mailbox list (and some others) were broken in v2.2.20 | 732 - doveadm mailbox list (and some others) were broken in v2.2.20 |
4 - director: Fixed making backend changes when running with only a | 733 - director: Fixed making backend changes when running with only a |
5 single director server. | 734 single director server. |
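Review bot: The entry at new lines 538-540 ("master process's listener socket was leaked to all child processes") describes a security-relevant fix, since it says untrusted processes might have been able to capture the socket and stop "doveadm service stop" from working, yet it sits among the ordinary "-" bugfixes. Consider listing it with the "*" entries so operators reading the changelog notice it. The inserted text also carries several wording slips worth fixing before it lands: "comands" (new line 540), "reseting" (569), "to each others" (698), "Auth cache is now disabled passwd-file" (680, missing "for"), and "caused v2.2.20+" (717, missing "by"). New lines 506-508 name "doveadm proxy list" twice in one sentence, which can be collapsed to a single mention.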