From: Timo Sirainen Date: Tue, 29 Nov 2016 21:05:03 +0000 (+0200) Subject: v2.2.27.rc1 released X-Git-Tag: 2.2.27~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=574558a357d5d1868d2ad00aadb9827c5a4b2da9;p=thirdparty%2Fdovecot%2Fcore.git v2.2.27.rc1 released --- diff --git a/NEWS b/NEWS index 52315d1568..283b0be1af 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,285 @@ +v2.2.27 2016-12-xx Timo Sirainen + + * dovecot.list.index.log rotation sizes/times were changed so that + the .log file stays smaller and .log.2 is deleted sooner. + + + Added mail_crypt plugin that allows encryption of stored emails. + See http://wiki2.dovecot.org/Plugins/MailCrypt + + stats: Global stats can be sent to Carbon server by setting + stats_carbon_server=ip:port + + imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send + ID/XCLIENT + + Added generic hash modifier for %variables: + %{;rounds=,truncate=,salt=s>:field} + Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. + Also "pkcs5" is supported using SHA256. For example: %{sha256:user} + or %{md5;truncate=32:user}. + + Added support for SHA3-256 and SHA3-512 hashes. + + config: Support DNS wildcards in local_name, e.g. + local_name *.example.com { .. } matches anything.example.com, but + not multiple.anything.example.com. + - Fixed crash in auth process when auth-policy was configured and + authentication was aborted/failed without a username set. + - director: If two users had different tags but the same hash, + the users may have been redirected to the wrong tag's hosts. + - Index files may have been thought incorrectly lost, causing + "Missing middle file seq=.." to be logged and index rebuild. + This happened more easily with IMAP hibernation enabled. + - Various fixes to restoring state correctly in un-hibernation. + - dovecot.index files were commonly 4 bytes per email too large. This + is because 3 bytes per email were being wasted that could have been + used for IMAP keywords. + - Various fixes to handle dovecot.list.index corruption better. + - lib-fts: Fixed assert-crash in address tokenizer with specific input. + - Fixed assert-crash in HTML to text parsing with specific input + (e.g. for FTS indexing or snippet generation) + - doveadm sync -1: Fixed handling mailbox GUID conflicts. + - sdbox, mdbox: Perform full index rebuild if corruption is detected + inside lib-index, which runs index fsck. + +v2.2.26.0 2016-10-28 Timo Sirainen + + - Fixed some compiling issues. + - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and + multiple passdbs. + - auth: Fixed crash when exporting to auth-worker passdb extra fields + that had empty values. + - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit + +v2.2.26 2016-10-27 Timo Sirainen + + * master: Removed hardcoded 511 backlog limit for listen(). The kernel + should limit this as needed. + * doveadm import: Source user is now initialized the same as target + user. Added -U parameter to override the source user. + * Mailbox names are no longer limited to 16 hierarchy levels. We'll + check another way to make sure mailbox names can't grow larger than + 4096 bytes. + + + Added a concept of "alternative usernames" by returning user_* extra + field(s) in passdb. doveadm proxy list shows these alt usernames in + "doveadm proxy list" output. "doveadm director&proxy kick" adds + -f parameter. The alt usernames don't have to be + unique, so this allows creation of user groups and kicking them in + one command. + + auth: passdb/userdb dict allows now %variables in key settings. + + auth: If passdb returns noauthenticate=yes extra field, assume that + it only set extra fields and authentication wasn't actually performed. + + auth: passdb static now supports password={scheme} prefix. + + auth, login_log_format_elements: Added %{local_name} variable, which + expands to TLS SNI hostname if given. + + imapc: Added imapc_max_line_length to limit maximum memory usage. + + imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic logs. + This replaces at least partially the rawlog plugin. + + dsync: Added dsync_features=empty-header-workaround setting. This + makes incremental dsyncs work better for servers that randomly return + empty headers for mails. When an empty header is seen for an existing + mail, dsync assumes that it matches the local mail. + + doveadm sync/backup: Added -I parameter to skip too + large mails. + + doveadm sync/backup: Fixed -t parameter and added -e for "end date". + + doveadm mailbox metadata: Added -s parameter to allow accessing + server metadata by using empty mailbox name. + + Added "doveadm service status" and "doveadm process status" commands. + + director: Added director_flush_socket. See + http://wiki2.dovecot.org/Director#Flush_socket + + doveadm director flush: Users are now moved only max 100 at a time to + avoid load spikes. --max-parallel parameter overrides this. + + Added FILE_LOCK_SLOW_WARNING_MSECS environment, which logs a warning + if any lock is waited on or kept for this many milliseconds. + + - master process's listener socket was leaked to all child processes. + This might have allowed untrusted processes to capture and prevent + "doveadm service stop" comands from working. + - login proxy: Fixed crash when outgoing SSL connections were hanging. + - auth: userdb fields weren't passed to auth-workers, so %{userdb:*} + from previous userdbs didn't work there. + - auth: Each userdb lookup from cache reset its TTL. + - auth: Fixed auth_bind=yes + sasl_bind=yes to work together + - auth: Blocking userdb lookups reset extra fields set by previous + userdbs. + - auth: Cache keys didn't include %{passdb:*} and %{userdb:*} + - auth-policy: Fixed crash due to using already-freed memory if policy + lookup takes longer than auth request exists. + - lib-auth: Unescape passdb/userdb extra fields. Mainly affected + returning extra fields with LFs or TABs. + - lmtp_user_concurrency_limit>0 setting was logging unnecessary + anvil errors. + - lmtp_user_concurrency_limit is now checked before quota check with + lmtp_rcpt_check_quota=yes to avoid unnecessary quota work. + - lmtp: %{userdb:*} variables didn't work in mail_log_prefix + - autoexpunge settings for mailboxes with wildcards didn't work when + namespace prefix was non-empty. + - Fixed writing >2GB to iostream-temp files (used by fs-compress, + fs-metawrap, doveadm-http) + - director: Ignore duplicates in director_servers setting. + - director: Many fixes related to connection handshaking, user moving + and error handling. + - director: Don't break with shutdown_clients=no + - zlib, IMAP BINARY: Fixed internal caching when accessing multiple + newly created mails. They all had UID=0 and the next mail could have + wrongly used the previously cached mail. + - doveadm stats reset wasn't reseting all the stats. + - auth_stats=yes: Don't update num_logins, since it doubles them when + using with mail stats. + - quota count: Fixed deadlocks when updating vsize header. + - dict-quota: Fixed crashes happening due to memory corruption. + - dict proxy: Fixed various timeout-related bugs. + - doveadm proxying: Fixed -A and -u wildcard handling. + - doveadm proxying: Fixed hangs and bugs related to printing. + - imap: Fixed wrongly triggering assert-crash in + client_check_command_hangs. + - imap proxy: Don't send ID command pipelined with nopipelining=yes + - imap-hibernate: Don't execute quota_over_script or last_login after + un-hibernation. + - imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in one + IP packet. + - imap-hibernate: Fixed various failures when un-hibernating. + - fts: fts_autoindex=yes was broken in 2.2.25 unless + fts_autoindex_exclude settings existed. + - fts-solr: Fixed searching multiple mailboxes (patch by x16a0) + - doveadm fetch body.snippet wasn't working in 2.2.25. Also fixed a + crash with certain emails. + - pop3-migration + dbox: Various fixes related to POP3 UIDL + optimization in 2.2.25. + - pop3-migration: Fixed "truncated email header" workaround. + +v2.2.25 2016-07-01 Timo Sirainen + + * lmtp: Start tracking lmtp_user_concurrency_limit and reject already + at RCPT TO stage. This avoids MTA unnecessarily completing DATA only + to get an error. + * doveadm: Previously only mail settings were read from protocol + doveadm { .. } section. Now all settings are. + + + quota: Added quota_over_flag_lazy_check setting. It avoids checking + quota_over_flag always at startup. Instead it's checked only when + quota is being read for some other purpose. + + auth: Added a new auth policy service: + http://wiki2.dovecot.org/Authentication/Policy + + auth: Added PBKDF2 password scheme + + auth: Added %{auth_user}, %{auth_username} and %{auth_domain} + + auth: Added ":remove" suffix to extra field names to remove them. + + auth: Added "delay_until=[+]" passdb + extra field. The auth will wait until and optionally some + randomness and then return success. + + dict proxy: Added idle_msecs= parameter. Support async operations. + + Performance improvements for handling large mailboxes. + + Added lib-dcrypt API for providing cryptographic functions. + + Added "doveadm mailbox update" command + + imap commands' output now includes timing spent on the "syncing" + stage if it's larger than 0. + + cassandra: Added metrics= to connect setting to output internal + statistics in JSON format every second to . + + doveadm mailbox delete: Added -e parameter to delete only empty + mailboxes. Added --unsafe option to quickly delete a mailbox, + bypassing lazy_expunge and quota plugins. + + doveadm user & auth cache flush are now available via doveadm-server. + + doveadm service stop will stop specified services while + leaving the rest of Dovecot running. + + quota optimization: Avoid reading mail sizes for backends which + don't need them (count, fs, dirsize) + + Added mailbox { autoexpunge_max_mails= } setting. + + Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome + + fts: Added fts_autoindex_exclude setting. + - v2.2.24's MIME parser was assert-crashing on mails having truncated + MIME headers. + - auth: With multiple userdbs the final success/failure result wasn't + always correct. The last userdb's result was always used. + - doveadm backup was sometimes deleting entire mailboxes unnecessarily. + - doveadm: Command -parameters weren't being sent to doveadm-server. + - If dovecot.index read failed e.g. because mmap() reached VSZ limit, + an empty index could have been opened instead, corrupting the + mailbox state. + - imapc: Fixed EXPUNGE handling when imapc_features didn't have modseq. + - lazy-expunge: Fixed a crash when copying failed. Various other fixes. + - fts-lucene: Fixed crash on index rescan. + - auth_stats=yes produced broken output + - dict-ldap: Various fixes + - dict-sql: NULL values crashed. Now they're treated as "not found". + +v2.2.24 2016-04-26 Timo Sirainen + + * doveconf now warns if it sees a global setting being changed when + the same setting was already set inside some filters. (A common + mistake has been adding more plugins to a global mail_plugins + setting after it was already set inside protocol { .. }, which + caused the global setting to be ignored for that protocol.) + * LMTP proxy: Increased default timeout 30s -> 125s. This makes it + less likely to reach the timeout and cause duplicate deliveries. + * LMTP and indexer now append ":suffix" to session IDs to make it + unique for the specific user's delivery. (Fixes duplicate session + ID warnings in stats process.) + + + Added dict-ldap for performing read-only LDAP dict lookups. + + lazy-expunge: All mails can be saved to a single specified mailbox. + + mailbox { autoexpunge } supports now wildcards in mailbox names. + + doveadm HTTP API: Added support for proxy commands + + imapc: Reconnect when getting disconnected in non-selected state. + + imapc: Added imapc_features=modseq to access MODSEQs/HIGHESTMODSEQ. + This is especially useful for incremental dsync. + + doveadm auth/user: Auth lookup performs debug logging if + -o auth_debug=yes is given to doveadm. + + Added passdb/userdb { auth_verbose=yes|no } setting. + + Cassandra: Added user, password, num_threads, connect_timeout and + request_timeout settings. + + doveadm user -e : Print with %variables expanded. + - Huge header lines could have caused Dovecot to use too much memory + (depending on config and used IMAP commands). (Typically this would + result in only the single user's process dying with out of memory + due to reaching service { vsz_limit } - not a global DoS). + - dsync: Detect and handle invalid/stale -s state string better. + - dsync: Fixed crash caused by specific mailbox renames + - auth: Auth cache is now disabled passwd-file. It was unnecessary and + it broke %variables in extra fields. + - fts-tika: Don't crash if it returns 500 error + - dict-redis: Fixed timeout handling + - SEARCH INTHREAD was crashing + - stats: Only a single fifo_listeners was supported, making it + impossible to use both auth_stats=yes and mail stats plugin. + - SSL errors were logged in separate "Stacked error" log lines + instead of as part of the disconnection reason. + - MIME body parser didn't handle properly when a child MIME part's + --boundary had the same prefix as the parent. + +v2.2.23 2016-03-30 Timo Sirainen + + - Various fixes to doveadm. Especially running commands via + doveadm-server was broken. + - director: Fixed user weakness getting stuck in some situations + - director: Fixed a situation where directors keep re-sending + different states to each others and never becoming synced. + - director: Fixed assert-crash related to a slow "user killed" reply + - Fixed assert-crash related to istream-concat, which could have + been triggered at least by a Sieve script. + +v2.2.22 2016-03-16 Timo Sirainen + + + Added doveadm HTTP API: See + http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP + + virtual plugin: Mailbox filtering can now be done based on the + mailbox metadata. See http://wiki2.dovecot.org/Plugins/Virtual + + stats: Added doveadm stats reset to reset global stats. + + stats: Added authentication statistics if auth_stats=yes. + + dsync, imapc, pop3c & pop3-migration: Many optimizations, + improvements and error handling fixes. + + doveadm: Most commands now stop soon after SIGINT/SIGTERM. + - auth: Auth caching was done too aggressively when %variables were + used in default_fields, override_fields or LDAP pass/user_attrs. + userdb result_* were also ignored when user was found from cache. + - imap: Fixed various assert-crashes caused v2.2.20+. Some of them + caught actual hangs or otherwise unwanted behavior towards IMAP + clients. + - Expunges were forgotten in some situations, for example when + pipelining multiple IMAP MOVE commands. + - quota: Per-namespaces quota were broken for dict and count backends + in v2.2.20+ + - fts-solr: Search queries were using OR instead of AND as the + separator for multi-token search queries in v2.2.20+. + - Single instance storage support wasn't really working in v2.2.16+ + - dbox: POP3 message ordering wasn't working correctly. + - virtual plugin: Fixed crashes related to backend mailbox deletions. + v2.2.21 2015-12-11 Timo Sirainen - doveadm mailbox list (and some others) were broken in v2.2.20 diff --git a/configure.ac b/configure.ac index 9a6f27b3ee..c3dbba66d2 100644 --- a/configure.ac +++ b/configure.ac @@ -2,8 +2,8 @@ AC_PREREQ([2.59]) # Be sure to update ABI version also if anything changes that might require # recompiling plugins. Most importantly that means if any structs are changed. -AC_INIT([Dovecot],[2.2.devel],[dovecot@dovecot.org]) -AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.2.ABIv20($PACKAGE_VERSION)", [Dovecot ABI version]) +AC_INIT([Dovecot],[2.2.27.rc1],[dovecot@dovecot.org]) +AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.2.ABIv27($PACKAGE_VERSION)", [Dovecot ABI version]) AC_CONFIG_AUX_DIR([.]) AC_CONFIG_SRCDIR([src])