SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for vpopmail-dovecot22-fts-solr-2.2.36-23.1.x86_64.rpm :
Sun May 27 14:00:00 2018 mrueckertAATTsuse.de
- update to 2.2.36

* login-proxy: If ssl_require_crl=no, allow revoked certificates.
Also don\'t do CRL checks for incoming client certificates.

* stats plugin: Don\'t temporarily enable PR_SET_DUMPABLE while
opening /proc/self/io. This may still cause security problems
if the process is ptrace()d at the same time. Instead, open it
while still running as root.
+ doveadm: Added mailbox cache decision&remove commands. See
doveadm-mailbox(1) man page for details.
+ doveadm: Added rebuild attachments command for rebuilding
$HasAttachment or $HasNoAttachment flags for matching mails.
See doveadm-rebuild(1) man page for details.
+ cassandra: Use fallback_consistency on more types of errors
- cassandra: Fix consistency=quorum to work
- dsync: Lock file generation failed if home directory didn\'t
exist
- In some configs if namespace root directory didn\'t yet exist,
Dovecot failed to create mailboxes.lock when trying to create
mailboxes
- Snippet generation for HTML mails didn\'t ignore &entities
inside blockquotes, producing strange looking snippets.
- imapc: Fix assert-crash if getting disconnected and after
reconnection all mails in the selected mailbox are gone.
- pop3c: Handle unexpected server disconnections without
assert-crash
- fts: Fixes to indexing mails via virtual mailboxes.
- fts: If mails contained NUL characters, the text around it
wasn\'t indexed.
- Obsolete dovecot.index.cache offsets were sometimes used.
Trying to fetch a field that was just added to cache file may
not have always found it.
- dict-sql: Fix crash when reading NULL value from database
- update pigeonhole to 0.4.24
+ Implement plugin for the a vendor-defined IMAP capability
called \"FILTER=SIEVE\". It adds the ability to manually invoke
Sieve filtering in IMAP. More information can be found in
doc/plugins/imap_filter_sieve.txt.
- Fix assert panics triggered by empty messages that are being
forwarded using redirect or vnd.dovecot.report. This does not
likely normally occur, but this is seen as a result of certain
benign failures in object storage.
- Make the length of the subject header for the vacation response
configurable and enforce the limit in UTF-8 codepoints rather
than bytes. The subject header for a vacation response was
statically truncated to 256 bytes, which is too limited for
multi-byte UTF-8 characters.
- Sieve editheader extension: Fix assertion panic occurring when
it is used to manipulate a message header with a very large
header field.
- Properly abort execution of the sieve_discard script upon
error. Before, the LDA Sieve plugin attempted to execute the
sieve_discard script when an error occurs. This can lead to the
message being lost.
- Fix the interaction between quota and the sieve_discard script.
When quota was used together with a sieve_discard script, the
message delivery did not bounce when the quota was exceeded.

Wed Mar 21 13:00:00 2018 mrueckertAATTsuse.de
- update to 2.2.35
- charset_alias: compile fails with Solaris Studio, reported by
John Woods.
- Fix local name handling in v2.2.34 SNI code, bug found by
cPanel.
- imapc: Don\'t try to add mails to index if they already exist
there.
- imapc: If email is modified in istream_opened hook, mail size
isn\'t updated.
- lib-dcrypt: When reading encrypted data, more data would not be
read if buffer was not consumed causing panic or hang.
- notify: When notify plugin is used and transaction commit fails
in dsync, crash occurs.
- sdbox: When delivering to a mailbox that is over quota, temp
files are not cleaned up when saving or copying fails.
- update pigeonhole to 0.4.23
- editheader extension: Corrected the stream position
calculations performed while making the modified message
available as a stream. Pigeonhole Sieve crashed in LMTP with
an assertion panic when the Sieve editheader extension was used
before the message was redirected. Experiments indicate that
the problem occurred only with LMTP and that LDA is not
affected.
- fileinto extension: Fix assert panic occurring when fileinto is
used without being listed in the require line, while the copy
extension is listed there. This is a very old bug.
- imapsieve plugin: Do not log an error for messages that
disappear concurrently while applying Sieve scripts. This is a
further improvement on the imapsieve fix in the previous
release (which fixed a panic). This event is now logged as a
debug message.
- update pigeonhole to 0.4.22
- Fixed filesystem path handling problem: sieve plugin could have
assert-crashed with specific path lengths with: \"Panic: file
realpath.c: line 86 (path_normalize): assertion failed:
(npath_pos + 1 < npath + asize)\".
- Sieve extprograms plugin: Large output from \"execute\" command
crashed delivery. Fixed buffering issue in code that handles
output from the external program.
- editheader extension: Extensively reworked the low-level
implementation of adding and removing headers. This solves a
few integer arithmetic problems reported by Clang runtime
checks, but also improves code structure and reliability in
general.
- imapsieve: Fix assert crash occurring when selected messages
are expunged concurrently by the time Sieve filter is to be
applied.
- imap4flags extension: Fix binary byte-code corruption occurring
when the setflag, addflag, or removeflag command\'s flag-list is
a variable.
- enotify extension: mailto method: Fixed parsing of mailto URI
with only a header part.
- enotify extension: mailto method: Make sure \"From:\" header is
set to a usable address and not \"(null)\".
- Fixed writing address headers to outgoing messages. It
sometimes erroneously applied another layer of MIME header
encoding.

Wed Mar 7 13:00:00 2018 mrueckertAATTsuse.de
- update license tag to SPDX-3

Tue Mar 6 13:00:00 2018 mrueckertAATTsuse.de
- drop 84703c2f19113ac731e4638ba782fa87e0748ba6.patch:
included in update

Tue Mar 6 13:00:00 2018 mrueckertAATTsuse.de
- update to 2.2.34

* CVE-2017-15130: TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be
reached and the process restarted. This happens only if Dovecot
config has local_name { } or local { } configuration blocks and
attacker uses randomly generated SNI servernames. (boo#1082828)

* CVE-2017-14461: Parsing invalid email addresses may cause a
crash or leak memory contents to attacker. For example, these
memory contents might contain parts of an email from another
user if the same imap process is reused for multiple users.
First discovered by Aleksandar Nikolic of Cisco Talos.
Independently also discovered by \"flxflndy\" via HackerOne.
(boo#1082826)

* CVE-2017-15132: Aborted SASL authentication leaks memory in
login process. (boo#1075608)

* Linux: Core dumping is no longer enabled by default via
PR_SET_DUMPABLE, because this may allow attackers to bypass
chroot/group restrictions. Found by cPanel Security Team.
Nowadays core dumps can be safely enabled by using \"sysctl -w
fs.suid_dumpable=2\". If the old behaviour is wanted, it can
still be enabled by setting:
import_environment=$import_environment PR_SET_DUMPABLE=1

* doveconf output now includes the hostname.
+ mail_attachment_detection_options setting controls when
$HasAttachment and $HasNoAttachment keywords are set for mails.
+ imap: Support fetching body snippets using FETCH (SNIPPET) or
(SNIPPET (LAZY=FUZZY))
+ fs-compress: Automatically detect whether input is compressed
or not. Prefix the compression algorithm with \"maybe-\" to
enable the detection, for example: \"compress:maybe-gz:6:...\"
+ Added settings to change dovecot.index
* files\' optimization
behavior. See https://wiki2.dovecot.org/IndexFiles#Settings
+ Auth cache can now utilize auth workers to do password hash
verification by setting
auth_cache_verify_password_with_worker=yes.
+ Added charset_alias plugin. See
https://wiki2.dovecot.org/Plugins/CharsetAlias
+ imap_logout_format and pop3_logout_format settings now support
all of the generic variables (e.g. %{rip}, %{session}, etc.)
+ Added auth_policy_check_before_auth,
auth_policy_check_after_auth and auth_policy_report_after_auth
settings.
- v2.2.33: doveadm-server: Various fixes related to log handling.
- v2.2.33: doveadm failed when trying to access UNIX socket that
didn\'t require authentication.
- v2.2.33: doveadm log reopen stopped working
- v2.2.30+: IMAP stopped advertising SPECIAL-USE capability
- v2.2.30+: IMAP stopped sending untagged OK/NO storage
notifications
- replication: dsync sends unnecessary replication notification
for changes it does internally. NOTE: Folder creates, renames,
deletes and subscribes still trigger unnecessary replication
notifications, but these should be rather rare.
- mail_always/never_cache_fields setting changes weren\'t applied
for existing dovecot.index.cache files.
- Fix compiling and other problems with OpenSSL v1.1
- auth policy: With master user logins, lookup using login
username.
- FTS reindexed all mails unnecessarily after loss of
dovecot.index.cache file
- mdbox rebuild repeatedly fails with \"missing map extension\"
- SSL connections may have been hanging with imapc or doveadm
client.
- cassandra: Using protocol v3 (Cassandra v2.1) caused memory
leaks and also timestamps weren\'t set to queries.
- fs-crypt silently ignored public/private keys specified in
configuration (mail_crypt_global_public/private_key) and just
emitted plaintext output.
- lock_method=dotlock caused crashes
- imapc: Reconnection may cause crashes and other errors

Sun Dec 24 13:00:00 2017 mrueckertAATTsuse.de
- undo the patch change from the (boo#1070761) fix again:
that means on older distros the SSLv2 disable is actually still
there. for newer distros the %prep scriptlet part will fix the
config after copying. also limit the pre scriptlet to
suse_version 1500 and newer

Sun Dec 24 13:00:00 2017 mrueckertAATTsuse.de
- Move the example-config + mkcert.sh to /usr/share/dovecot
This makes the files no longer documentation and they actually
exist on e.g. our docker image, where rpms are installed without
documentation. (boo#1070871)

Sun Dec 3 13:00:00 2017 suse+buildAATTde-korte.org
- openssl 1.1.0 does not support SSLv2 anymore (boo#1070761)

* changed dovecot-2.2.18-better_ssl_defaults.patch

* remove !SSLv2 from existing ssl_protocols configuration
during upgrade

Tue Nov 7 13:00:00 2017 mrueckertAATTsuse.de
- added https://github.com/dovecot/core/commit/84703c2f19113ac731e4638ba782fa87e0748ba6.patch
backport fix for log reopen

Fri Oct 20 14:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.33.2
- doveadm: Fix crash in proxying (or dsync replication) if remote
is running older than v2.2.33
- auth: Fix memory leak in %{ldap_dn}
- dict-sql: Fix data types to work correctly with Cassandra
- drop 187fbf157d5c42f9f06ce52884fefbb4f66c070d.patch:
included in update

Mon Oct 16 14:00:00 2017 mrueckertAATTsuse.de
- added 187fbf157d5c42f9f06ce52884fefbb4f66c070d.patch
doveadm proxy: Don\'t crash if remote doesn\'t support log proxying

Tue Oct 10 14:00:00 2017 mrueckertAATTsuse.de
- update pigeonhole to 0.4.21

* redirect action: Always set the X-Sieve-Redirected-From header
to sieve_user_email if configured. Before, it would use the
envelope recipient instead if available, which makes no sense
if the primary e-mail address is available.
+ vacation extension: Allow ignoring the envelope sender while
composing the \"To:\" header for the reply. Normally, the \"To:\"
header is composed from the address found in the \"Sender\",
\"Resent-From\" or \"From\" headers that is equal to the envelope
sender. If none is then found, the bare envelope sender is
used. This change adds a new setting
\"sieve_vacation_to_header_ignore_envelope\". With this setting
enabled, the \"To:\" header is always composed from those headers
in the source message. The new setting thus allows ignoring the
envelope, which is useful e.g. when SRS is used.
+ vacation extension: Compose the \"To:\" header from the full
sender address found in the first \"Sender:\", \"From:\" or
\"Resent-From:\" header. Before, it would create a \"To:\" header
without a phrase part. The new behavior is nicer, since the
reply will be addressed to the sender by name if possible.
- LDA Sieve plugin: Fixed sequential execution of LDAP-based
scripts. A missing LDAP-based script could cause the script
sequence to exit earlier.
- sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox
name conversion. This caused problems with mailbox names
containing UTF-8 characters. The Dovecot API was changed years
ago, but apparently sieve-filter was never updated.

Tue Oct 10 14:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.33.1

* doveadm director commands wait for the changes to be visible in
the whole ring before they return. This is especially useful in
testing.

* Environments listed in import_environment setting are now set
or preserved when executing standalone commands (e.g. doveadm)
+ doveadm proxy: Support proxying logs. Previously the logs were
visible only in the backend\'s logs.
+ Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ Added a new notify_status plugin, which can be used to update
dict with current status of a mailbox when it changes. See
https://wiki2.dovecot.org/Plugins/NotifyStatus
+ Mailbox list index can be disabled for a namespace by appending
\":LISTINDEX=\" to location setting.
+ dsync/imapc: Added dsync_hashed_headers setting to specify
which headers are used to match emails.
+ pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to
ignore mails that are visible in POP3 but not IMAP. This could
happen if new mails were delivered during the migration run.
+ pop3-migration: Further improvements to help with Zimbra
+ pop3-migration: Cache POP3 UIDLs in imapc\'s dovecot.index.cache
if indexes are enabled. These are used to optimize incremental
syncs.
+ cassandra, dict-sql: Use prepared statements if protocol
version>3.
+ auth: Added %{ldap_dn} variable for passdb/userdb ldap
- acl: The \"create\" (k) permission in global acl-file was
sometimes ignored, allowing users to create mailboxes when they
shouldn\'t have.
- sdbox: Mails were always opened when expunging, unless
mail_attachment_fs was explicitly set to empty.
- lmtp/doveadm proxy: hostip passdb field was ignored, which
caused unnecessary DNS lookups if host field wasn\'t an IP
- lmtp proxy: Fix crash when receiving unexpected reply in RCPT
TO
- quota_clone: Update also when quota is unlimited (broken in
v2.2.31)
- mbox, zlib: Fix assert-crash when accessing compressed mbox
- doveadm director kick -f parameter didn\'t work
- doveadm director flush resulted flushing all hosts, if
wasn\'t an IP address.
- director: Various fixes to handling backend/director changes at
abnormal times, especially while ring was unsynced. These could
have resulted in crashes, non-optimal behavior or ignoring some
of the changes.
- director: Use less CPU in imap-login processes when
moving/kicking many users.
- lmtp: Session IDs were duplicated/confusing with multiple RCPT
TOs when lmtp_rcpt_check_quota=yes
- doveadm sync -1 fails when local mailboxes exist that do not
exist remotely. This commonly happened when lazy_expunge
mailbox was autocreated when incremental sync expunged mails.
- pop3: rawlog_dir setting didn\'t work
- dovecot-lda was logging to stderr instead of to the log file.

Thu Aug 31 14:00:00 2017 mrueckertAATTsuse.de
- drop autoreconf -fi

Sun Aug 27 14:00:00 2017 mrueckertAATTsuse.de
- update pigeonhole to 0.4.20
+ Made the retention period for redirect duplicate identifiers
configurable. For accounts that perform many redirects, the
lda-dupes database could grow to impractical sizes. Changed the
default retention period from 24 to 12 hours.
- sieve-filter: Fixed memory leak: forgot to clean up script
binary at end of execution. Normally, this would merely be an
inconsequential memory leak. However, when the script comes
from an LDAP storage, this would cause io leak warnings.
- managesieve-login: Fixed handling of AUTHENTICATE command. A
second authenticate command would be parsed wrong. This problem
was caused by changes in the previous release.
- LDA Sieve plugin: Fixed minor memory leak caused by not
cleaning up the sieve_discard script.

Thu Aug 24 14:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.32

* imapc: Info-level line is logged every time when successfully
connected to the remote server. This includes local/remote
IP/port, which can be useful for matching against external
logs.

* config: Log a warning if plugin { key=no } is used explicitly.
v2.3 will support \"no\" properly in plugin settings, but for now
any value at all for a boolean plugin setting is treated as
\"yes\", even if it\'s written as explicit \"no\". This change will
now warn that it most likely won\'t work as intended.
+ Various optimizations to avoid accessing files/directories when
it\'s not necessary. Especially avoid accessing mail root
directories when INDEX directories point to a different
filesystem.
+ mail_location can now include ITERINDEX parameter. This tells
Dovecot to perform mailbox listing from the INDEX path instead
of from the mail root path. It\'s mainly useful when the INDEX
storage is on a faster storage.
+ mail_location can now include VOLATILEDIR= parameter.
This is used for creating lock files and in future potentially
other files that don\'t need to exist permanently. The path
could point to tmpfs for example. This is especially useful to
avoid creating lock files to NFS or other remote filesystems.
For example:
mail_location=sdbox:~/sdbox:VOLATILEDIR=/tmp/volatile/%2.256Nu/%u
+ mail_location\'s LISTINDEX= can now contain a full path.
This allows storing mailbox list index to a different storage
than the rest of the indexes, for example to tmpfs.
+ mail_location can now include NO-NOSELECT parameter. This
automatically deletes any \\NoSelect mailboxes that have no
children. These mailboxes are sometimes confusing to users.
+ mail_location can now include BROKENCHAR= parameter.
This can be useful with imapc to access mailbox names that
aren\'t valid mUTF-7 charset from remote servers.
+ If mailbox_list_index_very_dirty_syncs=yes, the list index is
no longer refreshed against filesystem when listing mailboxes.
This allows the mailbox listing to be done entirely by only
reading the mailbox list index.
+ Added mailbox_list_index_include_inbox setting to control
whether INBOX\'s STATUS information should be cached in the
mailbox list index. The default is \"no\", but it may be useful
to change it to \"yes\", especially if LISTINDEX points to tmpfs.
+ userdb can return chdir=, which override mail_home for
the chdir location. This can be useful to avoid accessing home
directory on login.
+ userdb can return postlogin= to specify per-user
imap/pop3 postlogin socket path.
+ cassandra: Add support for result paging by adding
page_size= parameter to the connect setting.
+ dsync/imapc, pop3-migration plugin: Strip also trailing tabs
from headers when matching mails. This helps with migrations
from Zimbra.
+ imap_logout_format supports now %{appended} and %{autoexpunged}
+ virtual plugin: Optimize IDLE to use mailbox list index for
finding out when something has changed.
+ Added apparmor plugin.
See https://wiki2.dovecot.org/Plugins/Apparmor
- virtual plugin: A lot of fixes. In many cases it was also
working very inefficiently or even incorrectly.
- imap: NOTIFY parameter parsing was incorrectly \"fixed\" in
v2.2.31. It was actually (mostly) working in previous
versions, but broken in v2.2.31.
- Modseq tracking didn\'t always work correctly. This could have
caused imap unhibernation to fail or IMAP QRESYNC/CONDSTORE
extensions to not work perfectly.
- mdbox: \"Inconsistency in map index\" wasn\'t fixed automatically
- dict-ldap: %variable values used in the LDAP filter weren\'t
escaped.
- quota=count: quota_warning = -storage=.. was never executed
(try #2). v2.2.31 fixed it for -messages, but not for
- storage.
- imapc: >= 32 kB mail bodies were supposed to be cached for
subsequent FETCHes, but weren\'t.
- quota-status service didn\'t support recipient_delimiter
- acl: Don\'t access dovecot-acl-list files with
acl_globals_only=yes
- mail_location: If INDEX dir is set, mailbox deletion deletes
its childrens\' indexes. For example if \"box\" is deleted,
\"box/child\" index directory was deleted as well (but mails were
preserved).
- director: v2.2.31 caused rapid reconnection loops to directors
that were down.
- drop patches:
de5d6bb50931ea243f582ace5a31abb11b619ffe.patch
bcb321bc62117d30bc53a872ca1154c0100aeefd.patch
8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch
- new BR: libapparmor-devel

Mon Jul 3 14:00:00 2017 mrueckertAATTsuse.de
- added de5d6bb50931ea243f582ace5a31abb11b619ffe.patch:
Do not attempt to deinitialize backend if it\'s not set

Mon Jul 3 14:00:00 2017 mrueckertAATTsuse.de
- Fix notify extension
(https://www.dovecot.org/pipermail/dovecot/2017-June/108474.html)
bcb321bc62117d30bc53a872ca1154c0100aeefd.patch
8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch

Tue Jun 27 14:00:00 2017 mrueckertAATTsuse.de
- update dovecot-2.2.31-dhparams_fips_mode.patch to also work with
libressl

Mon Jun 26 14:00:00 2017 mrueckertAATTsuse.de
- added dovecot-2.2.31-dhparams_fips_mode.patch (boo#1045662)
- make sure we do not generate dhparams smaller than 2048 in fips
mode

Fri Jun 23 14:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.31

* LMTP: Removed \"(Dovecot)\" from added Received headers. Some
installations want to hide it, and there\'s not really any good
reason for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace
from headers when matching mails. This helps with migrations
from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox dovecot-acl files.
+ Parse invalid message addresses better. This mainly affects the
generated IMAP ENVELOPE replies.
- v2.2.30 wasn\'t fixing corrupted dovecot.index.cache files
properly. It could have deleted wrong mail\'s cache or
assert-crashed.
- v2.2.30 mail-crypt-acl plugin was assert-crashing
- v2.2.30 welcome plugin wasn\'t working
- Various fixes to handling mailbox listing. Especially related
to handling nonexistent autocreated/autosubscribed mailboxes
and ACLs.
- Global ACL file was parsed as if it was local ACL file. This
caused some of the ACL rule interactions to not work exactly as
intended.
- auth: forward_
* fields didn\'t work properly: Only the first
forward field was working, and only if the first passdb lookup
succeeded.
- Using mail_sort_max_read_count sometimes caused \"Broken sort-
*
indexes, resetting\" errors.
- Using mail_sort_max_read_count may have caused very high CPU
usage.
- Message address parsing could have crashed on invalid input.
- imapc_features=fetch-headers wasn\'t always working correctly
and caused the full header to be fetched.
- imapc: Various bugfixes related to connection failure handling.
- quota=imapc sent unnecessary FETCH RFC822.SIZE to server when
expunging mails.
- quota=count: quota_warning = -storage=.. was never executed
- quota=count: Add support for \"ns\" parameter
- dsync: Fix incremental syncing for mails that don\'t have Date
or Message-ID headers.
- imap: Fix hang when client sends pipelined SEARCH +
EXPUNGE/CLOSE/LOGOUT.
- oauth2: Token validation didn\'t accept empty server responses.
- imap: NOTIFY command has been almost completely broken since
the beginning. I guess nobody has been trying to use it.
- update pigeonhole to 0.4.19

* This release adjusts Pigeonhole to several changes in the
Dovecot API, making it depend on Dovecot v2.2.31. Previous
versions of Pigeonhole will produce compile warnings with the
recent Dovecot releases (but still work ok).
- Fixed bug in handling of implicit keep in some cases. Implicit
side-effects, such as assigned flags, were not always applied
correctly. This is in essence a very old bug, but it was
exposed by recent changes.
- include extension: Fixed segfault that (sometimes) occurred
when the global script location was left unconfigured.
- drop 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch:
included in pigeonhole 0.4.19
- refreshed patches to apply cleanly again:
dovecot-2.2.18-better_ssl_defaults.patch
dovecot-2.2.18-dont_use_etc_ssl_certs.patch

Thu Jun 8 14:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.30.2
- auth: Multiple failed authentications within short time caused
crashes
- push-notification: OX driver crashed at deinit

Thu Jun 1 14:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.30.1 (boo# 1044110)
- quota_warning scripts weren\'t working in v2.2.30
- vpopmail still wasn\'t compiling

* auth: Use timing safe comparisons for everything related to
passwords. It\'s unlikely that these could have been used for
practical attacks, especially because Dovecot delays and
flushes all failed authentications in 2 second intervals. Also
it could have worked only when passwords were stored in
plaintext in the passdb.

* master process sends SIGQUIT to all running children at
shutdown, which instructs them to close all the socket
listeners immediately. This way restarting Dovecot should no
longer fail due to some processes keeping the listeners open
for a long time.
+ auth: Add passdb { mechanisms=none } to match separate passdb
lookup
+ auth: Add passdb { username_filter } to use passdb only if user
matches the filter. See
https://wiki2.dovecot.org/PasswordDatabase
+ dsync: Add dsync_commit_msgs_interval setting. It attempts to
commit the transaction after saving this many new messages.
Because of the way dsync works, it may not always be possible
if mails are copied or UIDs need to change.
+ imapc: Support imapc_features=search without ESEARCH extension.
+ imapc: Add imapc_features=fetch-bodystructure to pass through
remote server\'s FETCH BODY and BODYSTRUCTURE.
+ imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on
the remote server.
+ passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
+ If dovecot.index.cache corruption is detected, reset only the
one corrupted mail instead of the whole file.
+ doveadm mailbox status: Add \"firstsaved\" field.
+ director_flush_socket: Add old host\'s up/down and vhost count
as parameters
- More fixes to automatically fix corruption in
dovecot.list.index
- dsync-server: Fix support for
dsync_features=empty-header-workaround
- imapc: Various bugfixes, including infinite loops on some
errors
- IMAP NOTIFY wasn\'t working for non-INBOX if IMAP client hadn\'t
enabled modseq tracking via CONDSTORE/QRESYNC.
- fts-lucene: Fix it to work again with mbox format
- Some internal error messages may have contained garbage in
v2.2.29
- mail-crypt: Re-encrypt when copying/moving mails and
per-mailbox keys are used. Otherwise the copied mails can\'t be
opened.
- vpopmail: Fix compiling

Fri Apr 28 14:00:00 2017 mrueckertAATTsuse.de
- added 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch:
fix flags with implicit keeps in sieve rules

Tue Apr 25 14:00:00 2017 mrueckertAATTsuse.de
- fix dovecot-2.2.18-better_ssl_defaults.patch:
aNULLLL is not a valid token, use aNULL.

Wed Apr 12 14:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.29.1 (boo#1032248)
- imapc reconnection fix was forgotten from 2.2.29 release, which
also made \"make check\" fail in a unit test
- dict-sql: Merging multiple UPDATEs to a single statement wasn\'t
actually working.
- Fixed building with vpopmail

* passdb/userdb dict: Don\'t double-expand %variables in keys. If
dict was used as the authentication passdb, using specially
crafted
%variables in the username could be used to cause DoS
%(CVE-2017-2669)

* When Dovecot encounters an internal error, it logs the real
error and usually logs another line saying what function
failed. Previously the second log line\'s error message was a
rather uninformative \"Internal error occurred. Refer to server
log for more information.\" Now the real error message is
duplicated in this second log line.

* lmtp: If a delivery has multiple recipients, run autoexpunging
only for the last recipient. This avoids a problem where a long
autoexpunge run causes LMTP client to timeout between the DATA
replies, resulting in duplicate mail deliveries.

* config: Don\'t stop the process due to idling. Otherwise the
configuration is reloaded when the process restarts.

* mail_log plugin: Differentiate autoexpunges from regular
expunges

* imapc: Use LOGOUT to cleanly disconnect from server.

* lib-http: Internal status codes (>9000) are no longer visible
in logs

* director: Log vhost count changes and HOST-UP/DOWN
+ quota: Add plugin { quota_max_mail_size } setting to limit the
maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to
the remote IMAP server isn\'t done until it\'s necessary.
+ imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title
before autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable
string.
+ imap/pop3-login: All forward_
* extra fields returned by passdb
are sent to the next hop when proxying using ID/XCLIENT
commands. On the receiving side these fields are imported and
sent to auth process where they\'re accessible via
%{passdb:forward_
*}. This is done only if the sending IP
address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
auth process. %{client_id} expands to it in auth process. The
ID string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_
* settings for CA validation.
- fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
- trash plugin was broken in 2.2.28
- auth: When passdb/userdb lookups were done via auth-workers,
too much data was added to auth cache. This could have resulted
in wrong replies when using multiple passdbs/userdbs.
- auth: passdb { skip & mechanisms } were ignored for the first
passdb
- oauth2: Various fixes, including fixes to crashes
- dsync: Large Sieve scripts (or other large metadata) weren\'t
always synced.
- Index rebuild (e.g. doveadm force-resync) set all mails as
\\Recent
- imap-hibernate: %{userdb:
*} wasn\'t expanded in mail_log_prefix
- doveadm: Exit codes weren\'t preserved when proxying commands
via doveadm-server. Almost all errors used exit code 75
(tempfail).
- ACLs weren\'t applied to not-yet-existing autocreated mailboxes.
- Fixed a potential crash when parsing a broken message header.
- cassandra: Fallback consistency settings weren\'t working
correctly.
- doveadm director status : \"Initial config\" was always
empty
- imapc: Various reconnection fixes.
- update pigeonhole to 0.4.18
+ imapsieve plugin: Implemented the copy_source_after rule
action. When this is enabled for a mailbox rule, the specified
Sieve script is executed for the message in the source mailbox
during a \"COPY\" event. This happens only after the Sieve script
that is executed for the corresponding message in the
destination mailbox finishes running successfully.
+ imapsieve plugin: Added non-standard Sieve environment items
for the source and destination mailbox.
- multiscript: The execution of the discard script had an
implicit \"keep\", rather than an implicit \"discard\".
- refreshed dovecot-2.2.18-better_ssl_defaults.patch
- moved the libdovecot-ldap.so symlink to the devel package

Mon Feb 27 13:00:00 2017 mrueckertAATTsuse.de
- dcrypt is only build with ECC enabled openssl. This seems to be
missing on SLE 11. Guard against that now.

Mon Feb 27 13:00:00 2017 mrueckertAATTsuse.de
- update pigeonhole to 0.4.17
- LDA Sieve plugin: Fixed handling of an early explicit keep
during multiscript execution. Action side-effects and the
message snapshot would be lost at the final stage where the
implicit keep is evaluated. This could result in the IMAP flags
assigned to the message to be forgotten or that headers
modified by the \"editheader\" extension would revert to their
original state.
- file script storage: Amended the up-to-date time stamp
comparison for on-disk binaries to include nanoseconds. This
will fix problems occurring when both binary and script are
saved within the same second. This fix is ineffective on older
systems that have no support for nanoseconds in stat()
timestamps, which should be pretty rare nowadays.
- file script storage: Improve saving and listing permission
error to include more details.
- imapsieve plugin: Make sure \"INBOX\" is upper case in static
mailbox rules. Otherwise, the mailbox name would never match,
since matching is performed case-sensitively and Dovecot only
returns the upper-cased \"INBOX\".
- imapsieve plugin: Fixed assert failure occurring when used with
virtual mailboxes.
- doveadm sieve plugin: Fixed crash when setting Sieve script via
attribute\'s string value.

Fri Feb 24 13:00:00 2017 mrueckertAATTsuse.de
- update to 2.2.28

* director: \"doveadm director move\" to same host now refreshes
user\'s timeout. This allows keeping user constantly in the same
backend by just periodically moving the user there.

* When new mailbox is created, use initially INBOX\'s
dovecot.index.cache caching decisions.

* Expunging mails writes GUID to dovecot.index.log now only if
the GUID is quickly available from index/cache.

* pop3c: Increase timeout for PASS command to 5 minutes.

* Mail access errors are no longer ignored when searching or
sorting. With IMAP the untagged SEARCH/SORT reply is still
sent the same as before, but NO reply is returned instead of
OK.
+ Make dovecot.list.index\'s filename configurable. This is needed
when there are multiple namespaces pointing to the same mail
root (e.g. lazy_expunge namespace for mdbox).
+ Add size.virtual to dovecot.index when folder vsizes are
accessed (e.g. quota=count). This is mainly a workaround to
avoid slow quota recalculation performance when message sizes
get lost from dovecot.index.cache due to corruption or some
other reason.
+ auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support
them in lib-dsasl for client side.
+ auth: Support filtering by SASL mechanism:
passdb { mechanisms }
+ Shrink the mail processes\' memory usage by not storing settings
duplicated unnecessarily many times.
+ imap: Add imap_fetch_failure setting to control what happens
when FETCH fails for some mails (see example-config).
+ imap: Include info about last command in disconnection log
line.
+ imap: Created new SEARCH=X-MIMEPART extension. It\'s currently
not advertised by default, since it\'s not fully implemented.
+ fts-solr: Add support for basic authentication.
+ Cassandra: Support automatically retrying failed queries if
execution_retry_interval and execution_retry_times are set.
+ doveadm: Added \"mailbox path\" command.
+ mail_log plugin: If plugin { mail_log_cached_only=yes }, log
the wanted fields only if it doesn\'t require opening the email.
+ mail_vsize_bg_after_count setting added (see example-config).
+ mail_sort_max_read_count setting added (see example-config).
+ pop3c: Added pop3c_features=no-pipelining setting to prevent
using PIPELINING extension even though it\'s advertised.
- Index files: day_first_uid wasn\'t updated correctly since
v2.2.26. This caused dovecot.index.cache to be non-optimal.
- imap: SEARCH/SORT may have assert-crashed in
client_check_command_hangs
- imap: FETCH X-MAILBOX may have assert-crashed in virtual
mailboxes.
- imap: Running time in tagged command reply was often wrongly 0.
- search: Using NOT n:
* or NOT UID n:
* wasn\'t handled correctly
- director: doveadm director kick was broken
- director: Fix crash when using director_flush_socket
- director: Fix some bugs when moving users between backends
- imapc: Various error handling fixes and improvements
- master: doveadm process status output had a lot of duplicates.
- autoexpunge: If mailbox\'s rename timestamp is newer than mail\'s
save-timestamp, use it instead. This is useful when
autoexpunging e.g. Trash/
* and an entire mailbox is deleted by
renaming it under Trash to prevent it from being autoexpunged
too early.
- autoexpunge: Multiple processes may have been trying to expunge
the same mails simultaneously. This was problematic especially
with lazy_expunge plugin.
- auth: %{passdb:
*} was empty in auth-worker processes
- auth-policy: hashed_password was always sent empty.
- dict-sql: Merge multiple UPDATEs to a single statement if
possible.
- fts-solr: Escape {} chars when sending queries
- fts: fts_autoindex_exclude = \\Special-use caused crashes
- doveadm-server: Fix leaks and other problems when process is
reused for multiple requests (service_count != 1)
- sdbox: Fix assert-crash on mailbox create race
- lda/lmtp: deliver_log_format values weren\'t entirely correct if
Sieve was used. especially %{storage_id} was broken.
- lmtp_user_concurrency_limit didn\'t work if userdb changed
username
- drop obsolete patches:
dovecot-2.2.27-endian.patch
79195413c349af7f9ce26871bf79c70af07ea7ce.patch

Sun Feb 19 13:00:00 2017 kukukAATTsuse.com
- Remove superfluous insserv PreReq.

Wed Feb 15 13:00:00 2017 mrueckertAATTsuse.de
- added dovecot-2.2.27-endian.patch:
fixes testsuite on s390(x)

Mon Feb 6 13:00:00 2017 mrueckertAATTsuse.de
- added 79195413c349af7f9ce26871bf79c70af07ea7ce.patch:
backport patch from git to fix crashes when using FTS plugins

Tue Dec 6 13:00:00 2016 mrueckertAATTsuse.de
- update to 2.2.27

* dovecot.list.index.log rotation sizes/times were changed so
that the .log file stays smaller and .log.2 is deleted sooner.
+ Added mail_crypt plugin that allows encryption of stored
emails. See http://wiki2.dovecot.org/Plugins/MailCrypt
+ stats: Global stats can be sent to Carbon server by setting
stats_carbon_server=ip:port
+ imap/pop3 proxy: If passdb returns proxy_not_trusted, don\'t
send ID/XCLIENT
+ Added generic hash modifier for %variables:
%{;rounds=,truncate=,salt=s>:field}
Hash algorithm is any of the supported ones, e.g. md5, sha1,
sha256. Also \"pkcs5\" is supported using SHA256. For example:
%{sha256:user} or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
local_name
*.example.com { .. } matches anything.example.com,
but not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
local_name \"1.example.com 2.example.com\" { .. }
- Fixed crash in auth process when auth-policy was configured and
authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
the users may have been redirected to the wrong tag\'s hosts.
- Index files may have been thought incorrectly lost, causing
\"Missing middle file seq=..\" to be logged and index rebuild.
This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large.
This is because 3 bytes per email were being wasted that could
have been used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific
input.
- Fixed assert-crash in HTML to text parsing with specific input
(e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is
detected inside lib-index, which runs index fsck.
- quota: Don\'t skip quota checks when moving mails between
different quota roots.
- search: Multiple sequence sets or UID sets in search parameters
weren\'t handled correctly. They were incorrectly merged
together.
- refreshed patches to apply cleanly again
dovecot-2.2.18-better_ssl_defaults.patch
dovecot-2.2.18-dont_use_etc_ssl_certs.patch
- drop dovecot-2.2.25-umask_for_mkcert.patch, included upstream

Fri Nov 11 13:00:00 2016 mrueckertAATTsuse.de
- update to 2.2.26.0
- Fixed some compiling issues.
- auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
multiple passdbs.
- auth: Fixed crash when exporting to auth-worker passdb extra
fields that had empty values.
- dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit

* master: Removed hardcoded 511 backlog limit for listen().
The kernel should limit this as needed.

* doveadm import: Source user is now initialized the same as
target user. Added -U parameter to override the source user.

* Mailbox names are no longer limited to 16 hierarchy levels.
We\'ll check another way to make sure mailbox names can\'t grow
larger than 4096 bytes.
+ Added a concept of \"alternative usernames\" by returning user_
*
extra field(s) in passdb. doveadm proxy list shows these alt
usernames in \"doveadm proxy list\" output. \"doveadm
director&proxy kick\" adds -f parameter. The alt
usernames don\'t have to be unique, so this allows creation of
user groups and kicking them in one command.
+ auth: passdb/userdb dict allows now %variables in key settings.
+ auth: If passdb returns noauthenticate=yes extra field, assume
that it only set extra fields and authentication wasn\'t
actually performed.
+ auth: passdb static now supports password={scheme} prefix.
+ auth, login_log_format_elements: Added %{local_name} variable,
which expands to TLS SNI hostname if given.
+ imapc: Added imapc_max_line_length to limit maximum memory
usage.
+ imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic
logs. This replaces at least partially the rawlog plugin.
+ dsync: Added dsync_features=empty-header-workaround setting.
This makes incremental dsyncs work better for servers that
randomly return empty headers for mails. When an empty header
is seen for an existing mail, dsync assumes that it matches the
local mail.
+ doveadm sync/backup: Added -I parameter to skip too
large mails.
+ doveadm sync/backup: Fixed -t parameter and added -e for
\"end date\".
+ doveadm mailbox metadata: Added -s parameter to allow accessing
server metadata by using empty mailbox name.
+ Added \"doveadm service status\" and \"doveadm process status\"
commands.
+ director: Added director_flush_socket. See
http://wiki2.dovecot.org/Director#Flush_socket
+ doveadm director flush: Users are now moved only max 100 at a
time to avoid load spikes. --max-parallel parameter overrides
this.
+ Added FILE_LOCK_SLOW_WARNING_MSECS environment, which logs a
warning if any lock is waited on or kept for this many
milliseconds.
- master process\'s listener socket was leaked to all child
processes. This might have allowed untrusted processes to
capture and prevent \"doveadm service stop\" comands from
working.
- login proxy: Fixed crash when outgoing SSL connections were
hanging.
- auth: userdb fields weren\'t passed to auth-workers, so
%{userdb:
*} from previous userdbs didn\'t work there.
- auth: Each userdb lookup from cache reset its TTL.
- auth: Fixed auth_bind=yes + sasl_bind=yes to work together
- auth: Blocking userdb lookups reset extra fields set by
previous userdbs.
- auth: Cache keys didn\'t include %{passdb:
*} and %{userdb:
*}
- auth-policy: Fixed crash due to using already-freed memory if
policy lookup takes longer than auth request exists.
- lib-auth: Unescape passdb/userdb extra fields. Mainly affected
returning extra fields with LFs or TABs.
- lmtp_user_concurrency_limit>0 setting was logging unnecessary
anvil errors.
- lmtp_user_concurrency_limit is now checked before quota check
with lmtp_rcpt_check_quota=yes to avoid unnecessary quota work.
- lmtp: %{userdb:
*} variables didn\'t work in mail_log_prefix
- autoexpunge settings for mailboxes with wildcards didn\'t work
when namespace prefix was non-empty.
- Fixed writing >2GB to iostream-temp files (used by fs-compress,
fs-metawrap, doveadm-http)
- director: Ignore duplicates in director_servers setting.
- director: Many fixes related to connection handshaking, user
moving and error handling.
- director: Don\'t break with shutdown_clients=no
- zlib, IMAP BINARY: Fixed internal caching when accessing
multiple newly created mails. They all had UID=0 and the next
mail could have wrongly used the previously cached mail.
- doveadm stats reset wasn\'t reseting all the stats.
- auth_stats=yes: Don\'t update num_logins, since it doubles them
when using with mail stats.
- quota count: Fixed deadlocks when updating vsize header.
- dict-quota: Fixed crashes happening due to memory corruption.
- dict proxy: Fixed various timeout-related bugs.
- doveadm proxying: Fixed -A and -u wildcard handling.
- doveadm proxying: Fixed hangs and bugs related to printing.
- imap: Fixed wrongly triggering assert-crash in
client_check_command_hangs.
- imap proxy: Don\'t send ID command pipelined with
nopipelining=yes
- imap-hibernate: Don\'t execute quota_over_script or last_login
after un-hibernation.
- imap-hibernate: Don\'t un-hibernate if client sends DONE+IDLE in
one IP packet.
- imap-hibernate: Fixed various failures when un-hibernating.
- fts: fts_autoindex=yes was broken in 2.2.25 unless
fts_autoindex_exclude settings existed.
- fts-solr: Fixed searching multiple mailboxes (patch by x16a0)
- doveadm fetch body.snippet wasn\'t working in 2.2.25. Also fixed
a crash with certain emails.
- pop3-migration + dbox: Various fixes related to POP3 UIDL
optimization in 2.2.25.
- pop3-migration: Fixed \"truncated email header\" workaround.
- update pigeonhole to 0.4.15

* Part of the Sieve extprograms implementation was moved to
Dovecot, which means that this release depends on Dovecot
v2.2.26+.

* ManageSieve: The PUTSCRIPT command now allows uploading empty
Sieve scripts. There was really no good reason to disallow
doing that.
+ Sieve vnd.dovecot.report extension:
+ Added a Dovecot-Reporting-User field to the report body,
which contains the e-mail address of the user sending the
report.
+ Added support for configuring the \"From:\" address used in
the report.
+ LDA sieve plugin: Implemented support for a \"discard script\"
that is run when the message is going to be discarded. This
allows doing something other than throwing the message away for
good.
+ Sieve vnd.dovecot.environment extension:
Added vnd.dovecot.config.
* environment items. These environment
items map to sieve_env_
* settings from the plugin {} section in
the configuration. Such values can of course also be returned
from userdb.
+ Sieve vacation extension: Use the Microsoft
X-Auto-Response-Suppress header to prevent unwanted responses
from and to (older) Microsoft products.
+ ManageSieve: Added rawlog_dir setting to store ManageSieve
traffic logs. This replaces at least partially the rawlog
plugin (mimics similar IMAP/POP3 change).
- doveadm sieve plugin: synchronization: Prevent setting file
timestamps to unix epoch time. This occurred when Dovecot
passed the timestamp as \'unknown\' during synchronization.
- Sieve exprograms plugin: Fixed spurious \'+\' sometimes returned
at the end of socket-based program output.
- imapsieve plugin: Fixed crash occurring in specific situations.
- Performed various fixes based on static analysis and Clang
warnings.
- drop obsolete patches:
0001-auth-Introduce-db_ldap_bind_sasl-function.patch
0002-auth-Fix-default-SASL-bind-for-LDAP.patch

Fri Nov 11 13:00:00 2016 mrueckertAATTsuse.de
- added dovecot-2.2.25-umask_for_mkcert.patch:
CVE-2016-4983 (bnc #984639)

Mon Oct 10 14:00:00 2016 matwey.kornilovAATTgmail.com
- Add 0001-auth-Introduce-db_ldap_bind_sasl-function.patch
0002-auth-Fix-default-SASL-bind-for-LDAP.patch:
Fix LDAP based authentication for some setups (boo #1003952)

Fri Jul 8 14:00:00 2016 mrueckertAATTsuse.de
- update pigeonhole to 0.4.15

* vacation extension: The sieve_user_email setting is now used
in the check for implicit delivery.
- imapsieve plugin: For any mail transaction, the mailbox was
opened a second time, even if no mailbox rule matched. This was
unintentional, useless and caused problems when the imapsieve
plugin was used with other plugins like acl.
- extprograms plugin: Significantly improved error handling. No
stream errors were logged.
- extprograms plugin: Fixed bug in handling of result code from
remote program (script service).
- extprograms plugin: Connection to remote program service was
not retried.
- Several small fixes based on static analysis.
- Fixed handling of quoted string localparts in email addresses.

Mon Jul 4 14:00:00 2016 mrueckertAATTsuse.de
- update to 2.2.25

* lmtp: Start tracking lmtp_user_concurrency_limit and reject
already at RCPT TO stage. This avoids MTA unnecessarily
completing DATA only to get an error.

* doveadm: Previously only mail settings were read from protocol
doveadm { .. } section. Now all settings are.
+ quota: Added quota_over_flag_lazy_check setting. It avoids
checking quota_over_flag always at startup. Instead it\'s
checked only when quota is being read for some other purpose.
+ auth: Added a new auth policy service:
http://wiki2.dovecot.org/Authentication/Policy
+ auth: Added PBKDF2 password scheme
+ auth: Added %{auth_user}, %{auth_username} and %{auth_domain}
+ auth: Added \":remove\" suffix to extra field names to remove
them.
+ auth: Added \"delay_until=[+]\"
passdb extra field. The auth will wait until and
optionally some randomness and then return success.
+ dict proxy: Added idle_msecs= parameter. Support async
operations.
+ Performance improvements for handling large mailboxes.
+ Added lib-dcrypt API for providing cryptographic functions.
+ Added \"doveadm mailbox update\" command
+ imap commands\' output now includes timing spent on the
\"syncing\" stage if it\'s larger than 0.
+ cassandra: Added metrics= to connect setting to output
internal statistics in JSON format every second to .
+ doveadm mailbox delete: Added -e parameter to delete only empty
mailboxes. Added --unsafe option to quickly delete a mailbox,
bypassing lazy_expunge and quota plugins.
+ doveadm user & auth cache flush are now available via
doveadm-server.
+ doveadm service stop will stop specified services
while leaving the rest of Dovecot running.
+ quota optimization: Avoid reading mail sizes for backends which
don\'t need them (count, fs, dirsize)
+ Added mailbox { autoexpunge_max_mails= } setting.
+ Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome
+ fts: Added fts_autoindex_exclude setting.
- v2.2.24\'s MIME parser was assert-crashing on mails having
truncated MIME headers.
- auth: With multiple userdbs the final success/failure result
wasn\'t always correct. The last userdb\'s result was always
used.
- doveadm backup was sometimes deleting entire mailboxes
unnecessarily.
- doveadm: Command -parameters weren\'t being sent to
doveadm-server.
- If dovecot.index read failed e.g. because mmap() reached VSZ
limit, an empty index could have been opened instead,
corrupting the mailbox state.
- imapc: Fixed EXPUNGE handling when imapc_features didn\'t have
modseq.
- lazy-expunge: Fixed a crash when copying failed. Various other
fixes.
- fts-lucene: Fixed crash on index rescan.
- auth_stats=yes produced broken output
- dict-ldap: Various fixes
- dict-sql: NULL values crashed. Now they\'re treated as \"not
found\".
- update pigeonhole 0.4.15.rc1
- imapsieve plugin: For any mail transaction, the mailbox was
opened a second time, even if no mailbox rule matched. This was
unintentional, useless and caused problems when the imapsieve
plugin was used with other plugins like acl.
- extprograms plugin: Significantly improved error handling. No
stream errors were logged.
- Several small fixes based on static analysis.
- drop patch dovecot-2.2.24-lucene-crashfix.patch

Mon Jun 27 14:00:00 2016 wrAATTrosenauer.org
- fixed crash in fts-lucene
dovecot-2.2.24-lucene-crashfix.patch
https://github.com/dovecot/core/commit/0f801c1bd3d684c219d7f3b1e75f8b85f66f7951

Tue Apr 26 14:00:00 2016 mrueckertAATTsuse.de
- update pigeonhole 0.4.14

* The address test now allows specifying the X-Original-To header.
+ Implemented the Sieve imapsieve extension and its IMAP
counterpart (RFC 6785) as a set of plugins. This allows running
Sieve scripts at IMAP activity, rather than at delivery. There
are also facilities for the familiar sieve_before/sieve_after
administrator scripts. A user script is defined for a mailbox
using an IMAP METADATA entry, whereas administrator scripts are
configured using mailbox matching rules defined in the plugin
settings.
+ Adjusted the Sieve ihave extension to allow capability tests to
be performed at runtime. This way, scripts can be written that
work both at delivery and from IMAP.
+ Implemented support for runtime trace debugging. This means
that detailed information about which commands, actions and
tests are performed is written to a file. That file is created
in the configured directory, but only if that directory exists.
This way, a particular user can be easily singled out for
debugging. This works much like the Dovecot rawlog facility.
The trace output is identical to what is produced using
sieve-test with its \"-t\" command line option.
+ Added a \"sieve_user_email\" setting that configures the user\'s
primary email address. This is mainly useful to have a user
email address available in IMAP, where envelope data is
unavailable.
+ Implemented the dovecot-specific \"vnd.dovecot.report\"
extension. This allows sending report messages in the Message
Abuse Reporting Format (RFC 5965).
- extprograms plugin: Fixed epoll() panic caused by closing the
output FD before the output stream.
- Made sure that the local part of a mail address is encoded
properly using quoted string syntax when it is not a dot-atom.

Tue Apr 26 14:00:00 2016 mrueckertAATTsuse.de
- update to 2.2.24

* doveconf now warns if it sees a global setting being changed
when the same setting was already set inside some filters. (A
common mistake has been adding more plugins to a global
mail_plugins setting after it was already set inside protocol
{ .. }, which caused the global setting to be ignored for that
protocol.)

* LMTP proxy: Increased default timeout 30s -> 125s. This makes
it less likely to reach the timeout and cause duplicate
deliveries.

* LMTP and indexer now append \":suffix\" to session IDs to make
it unique for the specific user\'s delivery. (Fixes duplicate
session ID warnings in stats process.)
+ Added dict-ldap for performing read-only LDAP dict lookups.
+ lazy-expunge: All mails can be saved to a single specified
mailbox.
+ mailbox { autoexpunge } supports now wildcards in mailbox
names.
+ doveadm HTTP API: Added support for proxy commands
+ imapc: Reconnect when getting disconnected in non-selected
state.
+ imapc: Added imapc_features=modseq to access
MODSEQs/HIGHESTMODSEQ. This is especially useful for
incremental dsync.
+ doveadm auth/user: Auth lookup performs debug logging if -o
auth_debug=yes is given to doveadm.
+ Added passdb/userdb { auth_verbose=yes|no } setting.
+ Cassandra: Added user, password, num_threads, connect_timeout
and request_timeout settings.
+ doveadm user -e : Print with %variables
expanded.
- Huge header lines could have caused Dovecot to use too much
memory (depending on config and used IMAP commands).
(Typically this would result in only the single user\'s process
dying with out of memory due to reaching service { vsz_limit }
- not a global DoS).
- dsync: Detect and handle invalid/stale -s state string better.
- dsync: Fixed crash caused by specific mailbox renames
- auth: Auth cache is now disabled passwd-file. It was
unnecessary and it broke %variables in extra fields.
- fts-tika: Don\'t crash if it returns 500 error
- dict-redis: Fixed timeout handling
- SEARCH INTHREAD was crashing
- stats: Only a single fifo_listeners was supported, making it
impossible to use both auth_stats=yes and mail stats plugin.
- SSL errors were logged in separate \"Stacked error\" log lines
instead of as part of the disconnection reason.
- MIME body parser didn\'t handle properly when a child MIME
part\'s --boundary had the same prefix as the parent.

Sat Apr 9 14:00:00 2016 michaelAATTstroeder.com
- update to 2.2.23

* Various fixes to doveadm. Especially running commands via
doveadm-server was broken.

* director: Fixed user weakness getting stuck in some situations

* director: Fixed a situation where directors keep re-sending
different states to each others and never becoming synced.

* director: Fixed assert-crash related to a slow \"user killed\" reply

* Fixed assert-crash related to istream-concat, which could have
been triggered at least by a Sieve script.

Fri Mar 18 13:00:00 2016 mrueckertAATTsuse.de
- update pigeonhole to 0.4.13

* redirect action: Added the list-id header to the duplicate ID
for mail loop prevention. This means that the message sent
directly to the user and the message coming through the mailing
list itself are treated as different messages by the loop
detection of the redirect command, even though their Message-ID
may be identical.

* Changed the Sieve number type to uint64_t, which means that
Sieve numbers can now technically range up to 2^64. Some other
Sieve implementation allowed this, making this change necessary
for successful migration.
+ Implemented the sieve_implicit_extensions setting.
The extensions listed in this setting do not need to be enabled
explicitly using the Sieve \"require\" command. This behavior
directly violates the standard, but can be necessary for
compatibility with some existing implementations of Sieve. Do
not use this setting unless you really need to!
- redirect action: Made mail loop detection more robust by
forcibly adding a Message-ID header if it is missing.
- Prevent logging a useless \"script not found\" error message for
LDAP scripts for which the entry exists but no attribute
containing a script. This is not necessarily an error.
- extprograms plugin: Changed the communication channel between
parent and child process for a directly forked program from a
socketpair to a double pipe. Linux does not support /dev/stdin,
/dev/stdout and friends for sockets. For some shell program
authors this may be confusing, so that is why it is changed.
When using the script service, these device nodes are still not
usable though.

Wed Mar 16 13:00:00 2016 mrueckertAATTsuse.de
- update to 2.2.22
+ Added doveadm HTTP API: See
http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP
+ virtual plugin: Mailbox filtering can now be done based on the
mailbox metadata. See http://wiki2.dovecot.org/Plugins/Virtual
+ stats: Added doveadm stats reset to reset global stats.
+ stats: Added authentication statistics if auth_stats=yes.
+ dsync, imapc, pop3c & pop3-migration: Many optimizations,
improvements and error handling fixes.
+ doveadm: Most commands now stop soon after SIGINT/SIGTERM.
- auth: Auth caching was done too aggressively when %variables
were used in default_fields, override_fields or LDAP
pass/user_attrs. userdb result_
* were also ignored when user
was found from cache.
- imap: Fixed various assert-crashes caused v2.2.20+. Some of
them caught actual hangs or otherwise unwanted behavior towards
IMAP clients.
- Expunges were forgotten in some situations, for example when
pipelining multiple IMAP MOVE commands.
- quota: Per-namespaces quota were broken for dict and count
backends in v2.2.20+
- fts-solr: Search queries were using OR instead of AND as the
separator for multi-token search queries in v2.2.20+.
- Single instance storage support wasn\'t really working in
v2.2.16+
- dbox: POP3 message ordering wasn\'t working correctly.
- virtual plugin: Fixed crashes related to backend mailbox
deletions.
- update pigeonhole to 0.4.13.rc1

* redirect action: Added the list-id header to the duplicate ID
for mail loop prevention. This means that the message sent
directly to the user and the message coming through the
mailing list itself are treated as different messages by the
loop detection of the redirect command, even though their
Message-ID may be identical.

* Changed the Sieve number type to uint64_t, which means that
Sieve numbers can now technically range up to 2^64. Some other
Sieve implementation allowed this, making this change necessary
for successful migration.
+ Implemented the sieve_implicit_extensions setting.
The extensions listed in this setting do not need to be enabled
explicitly using the Sieve \"require\" command. This behavior
direct violates the standard, but can be necessary for
compatibility with some existing implementations of Sieve. Do
not use this setting unless you really need to!
- redirect action: Made mail loop detection more robust by
forcibly adding a Message-ID header if it is missing.
- Prevent logging a useless \"script not found\" error message for
LDAP scripts for which the entry exists but no attribute
containing a script. This is not necessarily an error.
- extprograms plugin: Changed the communication channel between
parent and child process for a directly forked program from a
socketpair to a double pipe. Linux does not support /dev/stdin,
/dev/stdout and friends for sockets. For some shell program
authors this may be confusing, so that is why it is changed.
When using the script service, these device nodes are still not
usable though.
- drop patches included in version update:
3a719a01a1790df053854d5245ace5ab6d0c3d13.patch
6971937a6f3e93844dbd43bdbe903628e21a9422.patch

Sun Feb 7 13:00:00 2016 mrueckertAATTsuse.de
- update pigeonhole to 0.4.12
+ Implemented the Sieve extracttext extension
(RFC 5703; Section 7).
It is now possible to extract body text from a message into
a variable.

* Increased ABI version due to changes in the Sieve interpreter\'s
object definitions.
- multiscript: Fixed bug in handling of (implicit) keep; final
keep action was always executed as though there was a failure.
This caused the keep action to revert back to the initial
message, causing editheader actions to be ignored.
- managesieve-login: Fixed proxy to allow SASL mechanisms other
than PLAIN. Before, the proxy would fail if the server did not
support the PLAIN mechanism.
- ldap storage: Prevent segfault occurring when assigning certain
(global) configuration options.

Fri Jan 8 13:00:00 2016 mrueckertAATTsuse.de
- update pigeonhole to 0.4.11
no noticable changes compared to rc1

Mon Jan 4 13:00:00 2016 mrueckertAATTsuse.de
- update pigeonhole to 0.4.11.rc1
- Sieve mime extension: Fixed the header :mime :anychild test to
work properly outside a foreverypart loop.
- Several fixes in message body part handling:
- Fixed assert failure occurring when text extraction is
attempted on an empty or broken text part.
- Fixed assert failure in handling of body parts that are
converted to text.
- Fixed header unfolding for (mime) headers parsed from any
mime part.
- Fixed trimming for (mime) headers parsed from any mime part.
- Fixed erroneous changes to the message part tree structure
performed when re-parsing the message.
- LDA Sieve plugin: Fixed logging of actions; sometimes the
configured log format was not followed.
- LDA Sieve plugin: Fixed bug in error handling of script storage
initialization.
- Sieve Extprograms plugin: Ignored ENOTCONN error in
shutdown(fd, SHUT_WR) call.
- Fixed duplication of discard actions in the script result. Each
discard was counted as a separate action, which means that
action limit would be crossed too early.
- Made sure that quota errors never get logged as errors in
syslog.
- Fixed handling of implicit keep for a partially executed
transaction that yielded a temporary failure.
- Fixed handling of global errors. If master and user error
handler were identical, in some cases the log message could be
lost.
- Fixed AIX compile issue in message body parser.

Mon Dec 14 13:00:00 2015 mrueckertAATTsuse.de
- move stopword files from the lucene package to the main FTS
package

Mon Dec 14 13:00:00 2015 mrueckertAATTsuse.de
- update pigeonhole to 0.4.10
- Renamed pigeonhole.m4 to dovecot-pigeonhole.m4

Mon Dec 14 13:00:00 2015 mrueckertAATTsuse.de
- pulled 2 patches from upstream:
3a719a01a1790df053854d5245ace5ab6d0c3d13.patch
6971937a6f3e93844dbd43bdbe903628e21a9422.patch

Sat Dec 12 13:00:00 2015 mrueckertAATTsuse.de
- for more consistent build behavior enable clucene support only on
distros newer than SLE 11

Sat Dec 12 13:00:00 2015 mrueckertAATTsuse.de
- update to 2.2.21
- doveadm mailbox list (and some others) were broken in v2.2.20
- director: Fixed making backend changes when running with only a
single director server.
- virtual plugin: Fixed crash when trying to open nonexistent
autocreated backend mailbox.

Tue Dec 8 13:00:00 2015 mrueckertAATTsuse.de
- update to 2.2.20
+ Added mailbox { autoexpunge=
 
ICM