From: Timo Sirainen Date: Wed, 21 Nov 2018 09:47:24 +0000 (+0200) Subject: Released v2.3.4. X-Git-Tag: 2.3.4^0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ecbaf23daec309400f7ba5982daf971003c98da;p=thirdparty%2Fdovecot%2Fcore.git Released v2.3.4. --- diff --git a/NEWS b/NEWS index 78d34b0027..f33af3476d 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,179 @@ +v2.3.4 2018-11-23 Timo Sirainen + + * The default postmaster_address is now "postmaster@". If username contains the @domain part, that's + used. If not, then the server's hostname is used. + * "doveadm stats dump" now returns two decimals for the "avg" field. + + + Added push notification driver that uses a Lua script + + Added new SQL, DNS and connection events. + See https://wiki2.dovecot.org/Events + + Added "doveadm mailbox cache purge" command. + + Added events API support for Lua scripts + + doveadm force-resync -f parameter performs "index fsck" while opening + the index. This may be useful to fix some types of broken index files. + This may become the default behavior in a later version. + - director: Kicking a user crashes if login process is very slow + - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages + unless QUIT is sent. + - auth: Fix crypt() segfault with glibc-2.28+ + - imap: Running UID FILTER script with errors assert-crashes + - dsync, pop3-migration: POP3 UIDLs weren't added to + dovecot.index.cache while mails were saved. + - dict clients may have been using 100% CPU while waiting for dict + server to finish commands. + - doveadm user: Fixed user listing via HTTP API + - All levels of Cassandra log messages were logged as Dovecot errors. + - http/smtp client may have crashed after SSL handshake + - Lua auth converted strings that looked like numbers into numbers. + + +v2.3.3 2018-10-01 Timo Sirainen + + * doveconf hides more secrets now in the default output. + * ssl_dh setting is no longer enforced at startup. If it's not set and + non-ECC DH key exchange happens, error is logged and client is + disconnected. + + + Added log_debug= setting. + + Added log_core_filter= setting. + + quota-clone: Write to dict asynchronously + + --enable-hardening attempts to use retpoline Spectre 2 mitigations + + lmtp proxy: Support source_ip passdb extra field. + + doveadm stats dump: Support more fields and output stddev by default. + + push-notification: Add SSL support for OX backend. + - NUL bytes in mail headers can cause truncated replies when fetched. + - director: Conflicting host up/down state changes may in some rare + situations ended up in a loop of two directors constantly overwriting + each others' changes. + - director: Fix hang/crash when multiple doveadm commands are being + handled concurrently. + - director: Fix assert-crash if doveadm disconnects too early + - virtual plugin: Some searches used 100% CPU for many seconds + - dsync assert-crashed with acl plugin in some situations. + - mail_attachment_detection_options=add-flags-on-save assert-crashed + with some specific Sieve scripts. + - Mail snippet generation crashed with mails containing invalid + Content-Type:multipart header. + - Log prefix ordering was different for some log lines. + - quota: With noenforcing option current quota usage wasn't updated. + - auth: Kerberos authentication against Samba assert-crashed. + - stats clients were unnecessarily chatty with the stats server. + - imapc: Fixed various assert-crashes when reconnecting to server. + - lmtp, submission: Fix potential crash if client disconnects while + handling a command. + - quota: Fixed compiling with glibc-2.26 / support libtirpc. + - fts-solr: Empty search values resulted in 400 Bad Request errors + - fts-solr: default_ns parameter couldn't be used + - submission server crashed if relay server returned over 7 lines in + a reply (e.g. to EHLO) + +v2.3.2.1 2018-07-09 Timo Sirainen + + - SSL/TLS servers may have crashed during client disconnection + - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have + sometimes assert-crashed. + - v2.3.2: "make check" may have crashed with 32bit systems + +v2.3.2 2018-06-29 Timo Sirainen + + * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while + opening /proc/self/io. This may still cause security problems if the + process is ptrace()d at the same time. Instead, open it while still + running as root. + + doveadm: Added mailbox cache decision&remove commands. See + doveadm-mailbox(1) man page for details. + + doveadm: Added rebuild attachments command for rebuilding + $HasAttachment or $HasNoAttachment flags for matching mails. See + doveadm-rebuild(1) man page for details. + + cassandra: Use fallback_consistency on more types of errors + + lmtp proxy: Support outgoing SSL/TLS connections + + lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings. + + submission: Add support for rawlog_dir + + submission: Add submission_client_workarounds setting. + + lua auth: Add password_verify() function and additional fields in + auth request. + - doveadm-server: TCP connections are hanging when there is a lot of + network output. This especially caused hangs in dsync-replication. + - Using multiple type=shared mdbox namespaces crashed + - mail_fsync setting was ignored. It was always set to "optimized". + - lua auth: Fix potential crash at deinit + - SSL/TLS servers may have crashed if client disconnected during + handshake. + - SSL/TLS servers: Don't send extraneous certificates to client when + alt certs are used. + - lda, lmtp: Return-Path header without '<' may have assert-crashed. + - lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash + - lda: -f parameter didn't allow empty/null/domainless address + - lmtp, submission: Message size limit was hardcoded to 40 MB. + Exceeding it caused the connection to get dropped during transfer. + - lmtp: Fix potential crash when delivery fails at DATA stage + - lmtp: login_greeting setting was ignored + - Fix to work with OpenSSL v1.0.2f + - systemd unit restrictions were too strict by default + - Fix potential crashes when a lot of log output was produced + - SMTP client may have assert-crashed when sending mail + - IMAP COMPRESS: Send "end of compression" marker when disconnecting. + - cassandra: Fix consistency=quorum to work + - dsync: Lock file generation failed if home directory didn't exist + - Snippet generation for HTML mails didn't ignore &entities inside + blockquotes, producing strange looking snippets. + - imapc: Fix assert-crash if getting disconnected and after + reconnection all mails in the selected mailbox are gone. + - pop3c: Handle unexpected server disconnections without assert-crash + - fts: Fixes to indexing mails via virtual mailboxes. + - fts: If mails contained NUL characters, the text around it wasn't + indexed. + - Obsolete dovecot.index.cache offsets were sometimes used. Trying to + fetch a field that was just added to cache file may not have always + found it. + +v2.3.1 2018-02-29 Aki Tuomi + + * Submission server support improvements and bug fixes + - Lots of bug fixes to submission server + * API CHANGE: array_idx_modifiable will no longer allocate space + - Particularly affects how you should check MODULE_CONTEXT result, or + use REQUIRE_MODULE_CONTEXT. + + + mail_attachment_detection_options setting controls when + $HasAttachment and $HasNoAttachment keywords are set for mails. + + imap: Support fetching body snippets using FETCH (SNIPPET) or + (SNIPPET (LAZY=FUZZY)) + + fs-compress: Automatically detect whether input is compressed or not. + Prefix the compression algorithm with "maybe-" to enable the + detection, for example: "compress:maybe-gz:6:..." + + Added settings to change dovecot.index* files' optimization behavior. + See https://wiki2.dovecot.org/IndexFiles#Settings + + Auth cache can now utilize auth workers to do password hash + verification by setting auth_cache_verify_password_with_worker=yes. + + Added charset_alias plugin. See + https://wiki2.dovecot.org/Plugins/CharsetAlias + + imap_logout_format and pop3_logout_format settings now support all of + the generic variables (e.g. %{rip}, %{session}, etc.) + + Added auth_policy_check_before_auth, auth_policy_check_after_auth + and auth_policy_report_after_auth settings. + + master: Support HAProxy PP2_TYPE_SSL command and set "secured" + variable appropriately + - Invalid UCS4 escape in HTML can cause crashes + - imap: IMAP COMPRESS -enabled clietn crashes on disconnect + - lmtp: Fix crash when user is over quota + - lib-lda: Parsing Return-Path header address fails when it contains + CFWS + - auth: SASL with Exim fails for AUTH commands without an initial + response + - imap: SPECIAL-USE capability isn't automatically added + - auth: LDAP subqueries do not support standard auth variables in + var-expand + - auth: SHA256-CRYPT and SHA512-CRYPT schemes do not work + - lib-index: mail_always/never_cache_fields are not used for existing + cache files + - imap: Fetching headers leaks memory if search doesn't find any mails + - lmtp: ORCPT support in RCPT TO + - imap-login: Process sometimes ends up in infinite loop + - sdbox: Rolled back save/copy transaction doesn't delete temp files + - mail: lock_method=dotlock causes crashes + v2.3.0.1 2018-02-28 Timo Sirainen * CVE-2017-15130: TLS SNI config lookups may lead to excessive diff --git a/configure.ac b/configure.ac index 27b3cebcdb..83eb1b398b 100644 --- a/configure.ac +++ b/configure.ac @@ -2,8 +2,8 @@ AC_PREREQ([2.59]) # Be sure to update ABI version also if anything changes that might require # recompiling plugins. Most importantly that means if any structs are changed. -AC_INIT([Dovecot],[2.3.devel],[dovecot@dovecot.org]) -AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv0($PACKAGE_VERSION)", [Dovecot ABI version]) +AC_INIT([Dovecot],[2.3.4],[dovecot@dovecot.org]) +AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv4($PACKAGE_VERSION)", [Dovecot ABI version]) AC_CONFIG_SRCDIR([src]) AC_CONFIG_MACRO_DIR([m4])