Dovecot 2.3.21.1
- CVE-2024-23184: A large number of address headers in email resulted
in excessive CPU usage. [boo#1229184]
- CVE-2024-23185: Abnormally large email headers are now truncated or
discarded, with a limit of 10MB on a single header and 50MB for all
the headers of all the parts of an email. [boo#1229183]
- oauth2: Dovecot would send client_id and client_secret as POST parameters
to introspection server. These need to be optionally in Basic auth
instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
from token, but was configured on Dovecot.
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=121
- update to 2.3.21 and pigeonhole 0.5.21
Dovecot 2.3.21
* lib-oauth2: Allow JWT tokens to be validated with missing typ field.
The typ field is left out by some key issuers to conserve space,
notably kubernetes. Now missing typ is tolerated, but if present, it
still must be "jwt".
+ auth: Auth passdb and userdb reply can contain "event_<name>=value"
which will be added to login event and mail user event respectively.
+ lib-master: Set process title during various initialization stages to
clearly describe what the process is waiting on.
+ lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
by 0..30% based on username's hash to reduce the chance of load spikes.
+ lib-storage: The temp file scan has been moved from the open of the
mailbox to the close, to reduce the latency perceived by users.
+ stats: If metric has fields specified, all these fields are
exported as counters to prometheus exposition.
See https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
OBS-URL: https://build.opensuse.org/request/show/1111575
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=117
- Add support for Zstandard (zstd) to the compression (zlib) plugin: zstd has a
better compression ratio than gzip for the same amount of CPU work, or takes
less CPU to compress the same. It's also faster to decompress.
- Add dovecot-2.3.19-fix-doveadm-sync-special-folders.patch:
Patches from the release-2.3 branch that fix issues importing the INBOX
folder from a Cyrus IMAP server and dealing with auto-creating folders that
haven't yet been created
OBS-URL: https://build.opensuse.org/request/show/1043991
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=108
- update to 2.3.19 and pigeonhole 0.5.19
Dovecot 2.3.19
+ Added mail_user_session_finished event, which is emitted when the mail
user session is finished (e.g. imap, pop3, lmtp). It also includes
fields with some process statistics information.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ Added process_shutdown_filter setting. When an event matches the filter,
the process will be shutdown after the current connection(s) have
finished. This is intended to reduce memory usage of long-running imap
processes that keep a lot of memory allocated instead of freeing it to
the OS.
+ auth: Add cache hit indicator to auth passdb/userdb finished events.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ doveadm deduplicate: Performance is improved significantly.
+ imapc: COPY commands were sent one mail at a time to the remote IMAP
server. Now the copying is buffered, so multiple mails can be copied
with a single COPY command.
+ lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
https://doc.dovecot.org/admin_manual/lua/ for more information.
- auth: Cache lookup would use incorrect cache key after username change.
- auth: Improve handling unexpected LDAP connection errors/hangs.
Try to fix up these cases by reconnecting to the LDAP server and
aborting LDAP requests earlier.
- auth: Process crashed if userdb iteration was attempted while auth-workers
were already full handling auth requests.
- auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
introspection requests.
- dict: Timeouts may have been leaked at deinit.
OBS-URL: https://build.opensuse.org/request/show/976125
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=104
- update to 2.3.14 and pigeonhole to 0.5.14
* removed obsolete fix-timeval_cmp_margin-for-32bit-systems.patch
Dovecot 2.3.14
* Added new aliases for some variables. Usage of the old ones is possible,
but discouraged. (These were partially added already to v2.3.13.)
See https://doc.dovecot.org/configuration_manual/config_file/config_variables/
for more information.
* Optimize imap/pop3/submission/managesieve proxies to use less CPU at
the cost of extra memory usage.
* Remove autocreate, expire, snarf and mail-filter plugins.
* Remove cydir storage driver.
* Remove XZ/LZMA write support. Read support will be removed in future release.
* doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP
environment variable is not set. Timestamp format is taken from
log_timestamp setting.
* If BROKENCHAR or listescape plugin is used, the escaped folder names
may be slightly different from before in some situations. This is
unlikely to cause issues, although caching clients may redownload the
folders.
* imapc: It now enables BROKENCHAR=~ by default to escape remote folder
names if necessary. This also means that if there are any '~'
characters in the remote folder names, they will be visible as "~7e".
* imapc: When using local index files folder names were escaped on
filesystem a bit differently. This affects only if there are folder
names that actually require escaping, which isn't so common. The old
style folders will be automatically deleted from filesystem.
* stats: Update exported metrics to be compliant with OpenMetrics standard.
+ doveadm: Add an optional '-p' parameter to metadata list command. If
enabled, "/private", and "/shared" metadata prefixes will be prepended
to the keys in the list output.
+ doveconf: Support environment variables in config files. See
https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables
for more details.
+ indexer-worker: Change indexer to disconnect from indexer-worker
after each request. This allows service indexer-worker's service_count &
idle_kill settings to work. These can be used to restart indexer-worker
processes once in a while to reduce their memory usage.
- auth: "nodelay" with various authentication mechanisms such as apop
and digest-md5 crashed AUTH process if authentication failed.
- auth: Auth lua script generating an error triggered an assertion
failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify):
assertion failed: (lua_gettop(script->L) == 0).
- configure: Fix libunwind detection to work on other than x86_64 systems.
- doveadm-server: Process could crash if logging was done outside command
handling. For example http-client could have done debug logging
afterwards, resulting in either segfault or Panic:
file http-client.c: line 642 (http_client_context_close):
assertion failed: (cctx->clients_list == NULL).
- dsync: Folder name escaping with BROKENCHAR didn't work completely
correctly. This especially caused problems with dsync-migrations using
imapc where some of the remote folder names may not have been accessible.
- dsync: doveadm sync + imapc doesn't always sync all mails when doing
an incremental sync (-1), which could lead to mail loss when it's used
for migration. This happens only when GUIDs aren't used (i.e.
imapc without imapc_features=guid-forced).
- fts-tika: When tika server returns error, some mails cause Panic:
file message-parser.c: line 802 (message_parser_deinit_from_parts):
assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have
resulted in crashes. This exposed that Dovecot was wrongly accepting
atoms in "nstring" handling. Changed the IMAP parsing to be more
strict about this now.
- lib-index: If dovecot.index.cache has corrupted message size, fetching
BODY/BODYSTRUCTURE may cause assert-crash:
Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish):
assertion failed: (mail->data.parts != NULL).
- lib-index: Minor error handling and race condition fixes related to
rotating dovecot.index.log. These didn't usually cause problems,
unless the log files were rotated rapidly.
- lib-lua: Lua scripts using coroutines or lua libraries using coroutines
(e.g., cqueues) panicked.
- Message PREVIEW handled whitespace wrong so first space would get
eaten from between words.
- FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
was written in a way that may have caused confusion for IMAP clients
and also Dovecot itself when parsing it. The truncated part is now
written out using application/octet-stream MIME type.
- lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to
use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed:
(meth->context_size <= MAC_MAX_CONTEXT_SIZE).
- event filters: NOT keyword did not have the correct associativity.
NOT a AND b were getting parsed as NOT (a AND b) instead of
(NOT a) AND b.
- Ignore ECONNRESET when closing socket. This avoids logging useless
errors on systems like FreeBSD.
- event filters: event filter syntax error may lead to Panic:
file event-filter.c: line 137 (event_filter_parse): assertion failed:
(state.output == NULL)
- lib: timeval_cmp_margin() was broken on 32-bit systems. This could
potentially have caused HTTP timeouts to be handled incorrectly.
- log: instance_name wasn't used as syslog ident by the log process.
- master: After a service reached process_limit and client_limit, it
could have taken up to 1 second to realize that more client connections
became available. During this time client connections could have been
unnecessarily rejected and a warning logged:
Warning: service(...): process_limit (...) reached, client connections are being dropped
- stats: Crash would occur when generating openmetrics data for metrics
using aggregating functions.
- stats: Event filters comparing against empty strings crash the stats
process.
Pigeonhole 0.5.14
* IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as
script name argument.
OBS-URL: https://build.opensuse.org/request/show/876725
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=92
- update to 2.3.13 and pigeonhole to 0.5.13
Dovecot 2.3.13
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
* Metric filter and global event filter variable syntax changed to a
SQL-like format. See
https://doc.dovecot.org/configuration_manual/event_filter/
* auth: Added new aliases for %{variables}. Usage of the old ones is
possible, but discouraged.
* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
mechanism and related password schemes.
* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
* auth: Removed postfix postmap socket
+ auth: Added new fields for auth server events. These fields are now
also available for all auth events. See
https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server
for details.
+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
and imap_client_unhibernate_retried events. See
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ lib-index: Added new mail_index_recreated event. See
https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
+ lib-sql: Support TLS options for cassandra driver. This requires
cpp-driver v2.15 (or later) to work reliably.
+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
added to existing mails if mail_attachment_detection_option=add-flags
and it can be done inexpensively.
+ login proxy: Added login_proxy_max_reconnects setting (default 3) to
control how many reconnections are attempted.
OBS-URL: https://build.opensuse.org/request/show/860321
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=36
- update to 2.3.13 and pigeonhole to 0.5.13
Dovecot 2.3.13
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
* Metric filter and global event filter variable syntax changed to a
SQL-like format. See
https://doc.dovecot.org/configuration_manual/event_filter/
* auth: Added new aliases for %{variables}. Usage of the old ones is
possible, but discouraged.
* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
mechanism and related password schemes.
* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
* auth: Removed postfix postmap socket
+ auth: Added new fields for auth server events. These fields are now
also available for all auth events. See
https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server
for details.
+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
and imap_client_unhibernate_retried events. See
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ lib-index: Added new mail_index_recreated event. See
https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
+ lib-sql: Support TLS options for cassandra driver. This requires
cpp-driver v2.15 (or later) to work reliably.
+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
added to existing mails if mail_attachment_detection_option=add-flags
and it can be done inexpensively.
+ login proxy: Added login_proxy_max_reconnects setting (default 3) to
control how many reconnections are attempted.
OBS-URL: https://build.opensuse.org/request/show/860209
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=87
- update to 2.3.11.3 and pigeonhole to 0.5.11
Dovecot 2.3.11.3
- pop3-login: Login didn't handle commands in multiple IP packets properly.
This mainly affected large XCLIENT commands or a large SASL initial
response parameter in the AUTH command.
- pop3: pop3_deleted_flag setting was broken, causing:
Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
assertion failed: (range[count-1].seq2 <= max_seq)
Dovecot 2.3.11.2
- auth: Lua passdb/userdb leaks stack elements per call, eventually
causing the stack to become too deep and crashing the auth or
auth-worker process.
- lib-mail: v2.3.11 regression: MIME parts not returned correctly by
Dovecot MIME parser.
- pop3-login: Login would fail with "Input buffer full" if the initial
response for SASL was too long.
Dovecot 2.3.11
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Events: Fix inconsistency in events. See event documentation in
https://doc.dovecot.org.
OBS-URL: https://build.opensuse.org/request/show/826219
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=76
- update to 2.3.10.1 with security fixes for
* CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter.
(boo#1171457)
* CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. (boo#1171458)
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash. (boo#1171456)
OBS-URL: https://build.opensuse.org/request/show/807017
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=29
- update to 2.3.10 and pigeonhole to 0.5.10
Dovecot 2.3.10
* Disable retpoline migitations by default. These can cause severe
performance regressions, so they should be only enabled when
applicable.
* IMAP MOVE now commits transactions in batches of 1000 mails. This
helps especially with lazy_expunge when moving a lot of mails. It
mainly avoids situations where multiple IMAP sessions are running the
same MOVE command and duplicating the mails in the lazy_expunge folder.
With this change there can still be some duplication, but the MOVE
always progresses forward. Also if the MOVE fails at some point, the
changes up to the last 1000 mails are still committed instead of
rolled back. Note that the COPY command behavior hasn't changed,
because it is required by IMAP standard to be an atomic operation.
* IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails.
This helps especially with lazy_expunge when expunging a lot of mails
(e.g. millions) to make sure that the progress always moves forward
even if the process is killed.
* Autoexpunging now expunges mails in batches of 1000 mails. This helps
especially with lazy_expunge when expunging a lot of mails
(e.g. millions) to make sure that the progress always moves forward
even if the process is killed.
+ Add tool for generating sysreport called dovecot-sysreport.
This generates a bundle of information usually needed for support
requests.
+ Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457).
+ Add metric { group_by } setting. This allows automatically creating
new metrics based on the fields you want to group statistics by.
NOTE: This feature is considered experimental and syntax is subject
to change in future release.
+ auth: Support SCRAM-SHA-256 authentication mechanism.
+ imap: Support the new IMAP STATUS=SIZE extension.
+ Use TCP_QUICKACK to reduce latency for some TCP connections.
+ quota-status: Made the service more robust against erroneous use with
Postfix ACL policies other than smtpd_recipient_restrictions.
+ Add "revision" field support to imap_id_send setting. Using
"revision *" will send in IMAP ID command response the short commit
hash of the Dovecot git source tree HEAD (same as in dovecot --version).
+ IMAP ENVELOPE includes now all addresses when there are multiple
headers (From, To, Cc, etc.) The standard way of having multiple
addresses is to just list them all in a single header. It's
non-standard to have multiple headers. However, since MTAs allow these
mails to pass through and different software may handle them in
different ways, it's better from security point of view to show all
the addresses.
+ Event filters now support using "field_name=" to match a field that
doesn't exist or has an empty value. For example use "error=" to match
only events that didn't fail.
- acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA
commands.
- cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be
treated as "uncertain write failure".
- dict-redis: Using quota_clone configured with dict-redis could have
crashed when Redis responded slowly.
- fts-solr: The XML response parser fails to parse large/chunked responses
correctly. This leads to spurious parse errors, most notably: "Error:
fts_solr: received invalid uid '0'".
- imap-hibernate: Communication trouble with imap-master leads to
segfault.
- imap-hibernate: Unhibernation retrying wasn't working.
- imap: Fixed auth lookup privilege problem when imap process was reused
and user was being un-hibernated.
- Fix potential crash when copying/moving mails within the same folder.
This happened only when there were a lot of fields in dovecot.index.cache.
- lib-index: Recreating dovecot.index.cache file could have crashed when
merging bitmask fields.
- lib-index: Using public/shared folders with INDEXPVT configured to use
private \Seen flags, trying to search seen/unseen in an empty folder
crashes with segfault.
- lib-mail: Large base64-encoded mails weren't decoded properly.
This could have affected searching/indexing mails and message snippet
generation.
- lib-mail: Message with only quoted text could have caused message
snippet to ignore its 200 character limit and return the entire
message. This was added also to dovecot.index.cache file, which
increased disk space and memory usage unnecessarily.
v2.3.9.2 regression (previous versions cached the quoted snippet as
empty). In a large mail quoted text could have become wrongly added
to the snippet, possibly mixed together with non-quoted text.
- lib-smtp: client could have assert-crashed if STARTTLS handshake
finished earlier than usually.
- lib-ssl-iostream: remove -static flag for lib-ssl-iostream linking to
prevent a compile issue.
- lib-storage: Mailbox synchronization may have assert-crashed in some
rare situations.
- lib-storage: mdbox didn't preserve date.saved with dsync.
- lib: Don't require EAI_{ADDRFAMILY,NODATA}, breaks FreeBSD
- master: Some services could respawn unthrottled if they crash during
startup.
- push-notification: Do not send push_notification_finished event if
nothing was done. This happens when mail transaction is started and
ended with no changes.
- quota-status: Addresses with special characters in the local part caused
problems in the interaction between Postfix and Dovecot. Postfix sent
its own internal representation in the recipient field, while Dovecot
expected a valid RFC5321 mailbox address.
- submission-login: SESSION was not correctly encoded field for the
XCLIENT command. Particularly, a '+' character introduced by the
session ID's Base64 encoding causes problems.
- submission: Fix submission_max_mail_size to work correctly on 32-bit
systems.
- submission: Trusted connections crashed in second connection's EHLO
if submission-login { service_count } is something else than 1 (which
is the default).
- submission: XCLIENT command was never used in the protocol exchange
with the relay MTA when submission_backend_capabilities is configured,
even when the relay MTA was properly configured to accept the XCLIENT
command.
Pigeonhole 0.5.10
* imap_sieve_filter: Change result action logging to include IMAP UID
- vacation: Addresses were compared case-sensitively.
OBS-URL: https://build.opensuse.org/request/show/784360
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=67
- update to 2.3.8 and pigeonhole to 0.5.8
Dovecot 2.3.8
+ Added mail_delivery_started and mail_delivery_finished events, see
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
It shouldn't cause any user visible changes.
- v2.3.7 regression: If a folder only receives new mails without any
other mail access, dovecot.index.log keeps growing forever and
dovecot.index keeps being rewritten for every mail delivery.
- dsync-replication may lose keywords after syncing mails restored from
another replica. This only happened if the mail only had keywords and
no system flags.
- event filters: Non-textual event fields could not be filtered using
wildcards.
- auth: Scope parameter was missing from OAuth password grant
request.
- doveadm client-server communication may hang in some situations.
It is also using unnecessarily small TCP/IP packet sizes.
- doveadm who and kick did not flush protocol output correctly.
- imap: SETMETADATA with literal value would delete the metadata value
instead of updating it.
- imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
caching decisions should be updated so that newly saved mails will
have the preview cached.
- With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
permission bits in some files may have become dropped with some NFS
servers. Changed NFS flushing to now use chmod() instead of chown().
- quota: warnings did not work if quota root was noenforcing
- acl: Global ACL file ignored the last line if it didn't end with LF.
- doveadm stats dump: With JSON formatter output numbers using the
number type instead of as strings
- lmtp_proxy: Ensure that real_* variables are correctly set when using
lmtp_proxy.
- event exporter: http-post driver had hardcoded timeout and did not
support DNS lookups or TLS connections.
- auth: Fix user iteration to work with userdb passwd with glibc v2.28.
- auth: auth service can crash if auth-policy JSON response is invalid
or returned too fast.
- In some rare situations "ps" output could have shown a lot of "?"
characters after Dovecot process titles.
- When dovecot.index.pvt is empty, an unnecessary error is logged:
Error: .../dovecot.index.pvt reset, view is now inconsistent
- SMTP address encoder duplicated initial double quote character when
the localpart of an address ended in '..'. For example
"user+..@example.com" became ""user+.."@example.com in a
sieve redirect.
Pigeonhole 0.5.8
- Sieve may leak resources in rare cases when a redirect, vacation or
report action fails to send the message. This mainly applies when
Sieve is executed in IMAP context; i.e., for the IMAPSIEVE or
FILTER=SIEVE capabilities.
OBS-URL: https://build.opensuse.org/request/show/738214
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=21
- update to 2.3.7.2
* CVE-2019-11500: IMAP protocol parser does not properly handle
NUL byte when scanning data in quoted strings, leading to out
of bounds heap memory writes. Found by Nick Roessler and Rafi
Rubin. (boo#1145559)
- update pigeonhole to 0.5.7.2
* CVE-2019-11500: ManageSieve protocol parser does not properly
handle NUL byte when scanning data in quoted strings, leading
to out of bounds heap memory writes. Found by Nick Roessler and
Rafi Rubin. (boo#1145559)
- refreshed patches to apply cleanly again:
dovecot-2.3.0-better_ssl_defaults.patch
dovecot-2.3.0-dont_use_etc_ssl_certs.patch
OBS-URL: https://build.opensuse.org/request/show/726988
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=20
* CVE-2019-11500: IMAP protocol parser does not properly handle
NUL byte when scanning data in quoted strings, leading to out
of bounds heap memory writes. Found by Nick Roessler and Rafi
Rubin.
- update pigeonhole to 0.5.7.2
* CVE-2019-11500: ManageSieve protocol parser does not properly
handle NUL byte when scanning data in quoted strings, leading
to out of bounds heap memory writes. Found by Nick Roessler and
Rafi Rubin.
- refreshed patches to apply cleanly again:
dovecot-2.3.0-better_ssl_defaults.patch
dovecot-2.3.0-dont_use_etc_ssl_certs.patch
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=52
- update to 2.3.7.1 and pigeonhole to 0.5.7.1
Dovecot 2.3.7.1
- Fix TCP_NODELAY errors being logged on non-Linux OSes
- lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
- Remove wrongly added checks in namespace prefix checking
Pigeonhole 0.5.7.1
- dsync: Sieve script syncing failed if mailbox attributes weren't enabled.
Dovecot 2.3.7
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
external systems, see
https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
on body search, and an error using FTS index fails the search rather
than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
to be unnecessarily opened when FETCHing mail headers that were
already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
situations. This happened especially when using autoexpunging with
lazy_expunge folders. Also with mdbox format in general the cache file
wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
the deletion from disk happened the next time the folder was opened.
This could have caused unnecessary delays if the opening was done by
an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
affected, but everything else was. This delay wasn't always visible -
only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
situations.
- Auth policy can cause segmentation fault crash during auth process
shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
server.
- config: Memory leak in config process when ssl_dh setting wasn't
set and there was no ssl-parameters.dat file.
This caused config process to die once in a while
with "out of memory".
- bsc#1134242 - upgrade from 42.3 to 15.1: dovecot shows Unknown
protocol 'SSLv2'
* remove !SSLv2 from existing ssl_protocols configuration
during upgrade
OBS-URL: https://build.opensuse.org/request/show/718437
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=19
- update pigeonhole to 0.5.6
+ sieve: Redirect loop prevention is sometimes ineffective.
Improve existing loop detection by also recognizing the
X-Sieve-Redirected-From header in incoming messages and
dropping redirect actions when it points to the sending
account. This header is already added by the redirect action,
so this improvement only adds an additional use of this header.
- sieve: Prevent execution of implicit keep upon temporary
failure occurring at runtime.
- update to 2.3.6: (boo#1133624 boo#1133625)
* CVE-2019-11494: Submission-login crashed with signal 11 due to
null pointer access when authentication was aborted by
disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication
was started over TLS secured channel and invalid authentication
message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling,
including a hang when XCLIENT commands were sent infinitely to
the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously
sent as two replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF
consistently when CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without
setting ssl_client_ca_* settings.
- pop3c: SSL support was broken.
- mysql: Closing connection twice lead to crash on some systems.
- auth: Multiple oauth2 passdbs crashed auth process on deinit.
- HTTP client connection errors infrequently triggered a
segmentation fault when the connection was idle and not used
for a particular client instance.
OBS-URL: https://build.opensuse.org/request/show/699690
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=18
+ sieve: Redirect loop prevention is sometimes ineffective.
Improve existing loop detection by also recognizing the
X-Sieve-Redirected-From header in incoming messages and
dropping redirect actions when it points to the sending
account. This header is already added by the redirect action,
so this improvement only adds an additional use of this header.
- sieve: Prevent execution of implicit keep upon temporary
failure occurring at runtime.
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=47
* CVE-2019-11494: Submission-login crashed with signal 11 due to
null pointer access when authentication was aborted by
disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication
was started over TLS secured channel and invalid authentication
message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling,
including a hang when XCLIENT commands were sent infinitely to
the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously
sent as two replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF
consistently when CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without
setting ssl_client_ca_* settings.
- pop3c: SSL support was broken.
- mysql: Closing connection twice lead to crash on some systems.
- auth: Multiple oauth2 passdbs crashed auth process on deinit.
- HTTP client connection errors infrequently triggered a
segmentation fault when the connection was idle and not used
for a particular client instance.
- drop https://github.com/dovecot/core/commit/3c5101ffd.patch
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=46
- update to 2.3.5.2 (boo#1132501)
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy
is enabled. This could be used rather easily to cause a DoS.
Similar crash also happens during mail delivery when using
invalid UTF8 in From or Subject header when OX push
notification driver is used.
- update to 2.3.5.1 (boo#1130116)
OBS-URL: https://build.opensuse.org/request/show/695556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=17
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy
is enabled. This could be used rather easily to cause a DoS.
Similar crash also happens during mail delivery when using
invalid UTF8 in From or Subject header when OX push
notification driver is used.
- update to 2.3.5.1 (boo#1130116)
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=43
- update to 2.3.4.1 (boo#1123022)
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication
instead of failing.
* ssl_cert_username_field setting was ignored with external
SMTP AUTH, because none of the MTAs (Postfix, Exim) currently
send the cert_username field. This may have allowed users with
trusted certificate to specify any username in the
authentication. This bug didn't affect Dovecot's Submission
service.
OBS-URL: https://build.opensuse.org/request/show/671912
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=15
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication
instead of failing.
* ssl_cert_username_field setting was ignored with external
SMTP AUTH, because none of the MTAs (Postfix, Exim) currently
send the cert_username field. This may have allowed users with
trusted certificate to specify any username in the
authentication. This bug didn't affect Dovecot's Submission
service.
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=38
- update pigeonhole to 0.5.0.1
- imap4flags extension: Fix binary corruption occurring when
setflag/addflag/removeflag flag-list is a variable.
- sieve-extprograms plugin: Fix segfault occurring when used in
IMAPSieve context.
- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
- pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch
- update to 2.3.0.1
* CVE-2017-15130: TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be
reached and the process restarted. This happens only if Dovecot
config has local_name { } or local { } configuration blocks and
attacker uses randomly generated SNI servernames.
* CVE-2017-14461: Parsing invalid email addresses may cause a
crash or leak memory contents to attacker. For example, these
memory contents might contain parts of an email from another
user if the same imap process is reused for multiple users.
First discovered by Aleksandar Nikolic of Cisco Talos.
Independently also discovered by "flxflndy" via HackerOne.
* CVE-2017-15132: Aborted SASL authentication leaks memory in
login process.
* Linux: Core dumping is no longer enabled by default via
PR_SET_DUMPABLE, because this may allow attackers to bypass
chroot/group restrictions. Found by cPanel Security Team.
Nowadays core dumps can be safely enabled by using "sysctl -w
fs.suid_dumpable=2". If the old behaviour is wanted, it can
still be enabled by setting:
import_environment=$import_environment PR_SET_DUMPABLE=1
- imap-login with SSL/TLS connections may end up in infinite loop
OBS-URL: https://build.opensuse.org/request/show/583681
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=3
- imap4flags extension: Fix binary corruption occurring when
setflag/addflag/removeflag flag-list is a variable.
- sieve-extprograms plugin: Fix segfault occurring when used in
IMAPSieve context.
- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=8
* CVE-2017-15130: TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be
reached and the process restarted. This happens only if Dovecot
config has local_name { } or local { } configuration blocks and
attacker uses randomly generated SNI servernames.
* CVE-2017-14461: Parsing invalid email addresses may cause a
crash or leak memory contents to attacker. For example, these
memory contents might contain parts of an email from another
user if the same imap process is reused for multiple users.
First discovered by Aleksandar Nikolic of Cisco Talos.
Independently also discovered by "flxflndy" via HackerOne.
* CVE-2017-15132: Aborted SASL authentication leaks memory in
login process.
* Linux: Core dumping is no longer enabled by default via
PR_SET_DUMPABLE, because this may allow attackers to bypass
chroot/group restrictions. Found by cPanel Security Team.
Nowadays core dumps can be safely enabled by using "sysctl -w
fs.suid_dumpable=2". If the old behaviour is wanted, it can
still be enabled by setting:
import_environment=$import_environment PR_SET_DUMPABLE=1
- imap-login with SSL/TLS connections may end up in infinite loop
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=6
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
