Fedora 19 Update: dovecot-2.2.15-1.fc19

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 13 18:11:31 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-13342
2014-10-21 09:19:25
--------------------------------------------------------------------------------

Name        : dovecot
Product     : Fedora 19
Version     : 2.2.15
Release     : 1.fc19
URL         : http://www.dovecot.org/
Summary     : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

- Fixed several race conditions with dovecot.index.cache handling that may have caused unnecessary "cache is corrupted" errors.
- auth: If auth client listed userdb and disconnected before finishing, the auth worker process got stuck (and eventually all workers could get used up and requests would start failing).
- lmtp: Delivered-To: header no longer contains <> around the email address. Other MDAs don't have it either.
- "Out of disk space" errors are now treated as temporary errors
(not the same as "Out of disk quota").
- replication plugin: Use replication only for users who have a
non-empty mail_replica setting.
- lmtp proxy: Log a line about each mail delivery.
- Added login_source_ips setting. This can be used to set the source IP address round-robin from a pool of IPs (in case you run out of TCP ports).
- Rawlog settings can use tcp:<host>:<port> as the path.
- virtual plugin: Don't keep more than virtual_max_open_mailboxes
(default 64) number of backend mailboxes open.
- SSL/TLS compression can be disabled with ssl_options=no_compression
- acl: Global ACL file now supports "quotes" around patterns.
- Added last-login plugin to set user's last-login timestamp on login.
- LDAP auth: Allow passdb credentials lookup also with auth_bind=yes	
- IMAP: MODSEQ was sent in FETCH reply even if CONDSTORE/QRESYNC wasn't enabled. This broke at least old Outlooks.
- passdb static treated missing password field the same as an empty password field.
- mdbox: Fixed potential infinite looping when scanning a broken
mdbox file.
- imap-login, pop3-login: Fixed potential crashes when client
disconnected unexpectedly.
- imap proxy: The connection was hanging in some usage patterns. This mainly affected older Outlooks.
- lmtp proxy: The proxy sometimes delivered empty mails in error
situations or potentially delivered truncated mails.
- fts-lucene: If whitespace_chars was set, we may have ended up
indexing some garbage words, growing the index size unnecessarily.
- -c and -i parameters for dovecot/doveadm commands were ignored if the config socket was readable.
- quota: Quota recalculation didn't include INBOX in some setups.
- Mail headers were sometimes added to dovecot.index.cache in wrong order. The main problem this caused was with dsync+imapc incremental syncing when the second sync thought the local mailbox had changed.
- doveadm backup didn't notice if emails were missing from the middle of the destination mailbox. Now it deletes and resyncs the mailbox.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 30 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.15-1
- dovecot updated to 2.2.15
- various race condition fixes to LAYOUT=index
- v2.2.14 virtual plugin crashed in some situations
* Fri Oct 17 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.14-1
- dovecot updated to 2.2.14, pigeonhole updated to 0.4.3
- fixed several race conditions with dovecot.index.cache handling that
  may have caused unnecessary "cache is corrupted" errors.
- auth: If auth client listed userdb and disconnected before finishing,
  the auth worker process got stuck
- imap-login, pop3-login: Fixed potential crashes when client
  disconnected unexpectedly.
- imap proxy: The connection was hanging in some usage patterns.
* Thu Aug 21 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.13-2
- use network-online target instead of just network (#1119814)
* Mon May 12 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.13-1
- dovecot updated to 2.2.13
- fixes CVE-2014-3430: denial of service through maxxing out SSL connections
- pop3 server was still crashing in v2.2.12 
- maildir: Various fixes and improvements to handling compressed mails
- fts-lucene, fts-solr: Fixed crash on search when the index contained
  duplicate entries.
- mail_attachment_dir: Attachments with the last base64-encoded line
  longer than the rest wasn't handled correctly.
- IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
- acl: Global ACL file handling was broken when multiple entries
  matched the mailbox name
* Fri Feb 14 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.12-1
- dovecot updated to 2.2.12
- fixes pop3 crash
* Thu Feb 13 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.11-1
- dovecot updated to 2.2.11
- imap: SEARCH/SORT PARTIAL reponses may have been too large.
- doveadm backup: Fixed assert-crash when syncing mailbox deletion.
* Thu Jan  2 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.10-1
- dovecot updated to 2.2.10
- quota-status: quota_grace was ignored
- ldap: Fixed memory leak with auth_bind=yes and without
  auth_bind_userdn.
- imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when
  CONDSTORE/QRESYNC has never before been enabled for the mailbox.
- imap: Fixes to handling mailboxes without permanent modseqs.
  (When [NOMODSEQ] is returned by SELECT, mainly with in-memory
  indexes.)
- imap: Various fixes to METADATA support.
- stats plugin: Processes that only temporarily dropped privileges
  (e.g. indexer-worker) may have been logging errors about not being
  able to open /proc/self/io.
* Mon Nov 25 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.9-1
- improved cache file handling exposed several old bugs related to fetching 
  mail headers.
- iostream handling changes were causing some connections to be disconnected
  before flushing their output
* Wed Nov 20 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.8-1
- Fixed infinite loop in message parsing if message ends with
  "--boundary" and CR (without LF). Messages saved via SMTP/LMTP can't
  trigger this, because messages must end with an "LF.". A user could
  trigger this for him/herself though.
- lmtp: Client was sometimes disconnected before all the output was
  sent to it.
- replicator: Database wasn't being exported to disk every 15 minutes
  as it should have. Instead it was being imported, causing "doveadm
  replicator remove" commands to not work very well.
* Thu Nov 14 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.7-2
- fix ostream infinite loop (#1029906)
* Mon Nov  4 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.7-1
- dovecot updated to 2.2.7
- master process was doing a hostname.domain lookup for each created
  process, which may have caused a lot of unnecessary DNS lookups.
- dsync: Syncing over 100 messages at once caused problems in some
  situations, causing messages to get new UIDs.
- fts-solr: Different Solr hosts for different users didn't work.
* Thu Oct 17 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.6-1
- dovecot updated to 2.2.6, pigeonhole updated to 0.4.2
- director: v2.2.5 changes caused "SYNC lost" errors
- dsync: Many fixes and error handling improvements
- doveadm -A: Don't waste CPU by doing a separate config lookup
  for each user
- Long-running ssl-params process no longer prevents Dovecot restart
- mbox: Fixed mailbox_list_index=yes to work correctly
* Wed Aug  7 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.5-1
- dovecot updated to 2.2.5
- added some missing man pages (by Pascal Volk)
- director: Users near expiration could have been redirected to
  different servers at the same time.
- pop3: Avoid assert-crash if client disconnects during LIST.
- mdbox: Corrupted index header still wasn't automatically fixed.
- dsync: Various fixes to work better with imapc and pop3c storages.
- ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl
  symbols conflicted with Cyrus SASL library.
* Wed Jul 10 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.4-2
- fix name conflict with cyrus-sasl (#975869)
* Wed Jun 26 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.4-1
- dovecot updated to 2.2.4
- imap/pop3 proxy: Master user logins were broken in v2.2.3
- sdbox/mdbox: A corrupted index header with wrong size was never
  automatically fixed in v2.2.3.
- mbox: Fixed assert-crashes related to locking.
* Mon Jun 17 2013 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.3-1
- dovecot updated to 2.2.3
- IMAP: If subject contained only whitespace, Dovecot returned an
  ENVELOPE reply with a huge literal value, effectively causing the
  IMAP client to wait for more data forever.
- IMAP: Various URLAUTH fixes.
- imapc: Various bugfixes and improvements
- pop3c: Various fixes to make it work in dsync (without imapc)
- dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox
  renames.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update dovecot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list