Various fixes to handling mailbox listing. Especially related to
handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
Global ACL file was parsed as if it was local ACL file. This caused
some of the ACL rule interactions to not work exactly as intended.
Using mail_sort_max_read_count may have caused very high CPU usage.
Message address parsing could have crashed on invalid input.
imapc_features=fetch-headers wasn't always working correctly and
caused the full header to be fetched.
imapc: Various bugfixes related to connection failure handling.
quota=count: quota_warning = -storage=.. was never executed
quota=count: Add support for "ns" parameter
dsync: Fix incremental syncing for mails that don't have Date or
Message-ID headers.
imap: Fix hang when client sends pipelined SEARCH +
EXPUNGE/CLOSE/LOGOUT.
oauth2: Token validation didn't accept empty server responses.
imap: NOTIFY command has been almost completely broken since the
beginning.
pigeonhole updated to 0.4.19
Fixed bug in handling of implicit keep in some cases.
include extension: Fixed segfault that (sometimes) occurred when the
global script location was left unconfigured.
More fixes to automatically fix corruption in dovecot.list.index
dsync-server: Fix support for dsync_features=empty-header-workaround
imapc: Various bugfixes, including infinite loops on some errors
IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
enabled modseq tracking via CONDSTORE/QRESYNC.
fts-lucene: Fix it to work again with mbox format
Some internal error messages may have contained garbage in v2.2.29
mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
are used. Otherwise the copied mails can't be opened.
dict-sql: Merging multiple UPDATEs to a single statement wasn't
actually working.
pigeonhole updated to 0.4.18
imapsieve plugin: Implemented the copy_source_after rule action. When this
is enabled for a mailbox rule, the specified Sieve script is executed for
the message in the source mailbox during a "COPY" event. This happens only
after the Sieve script that is executed for the corresponding message in the
destination mailbox finishes running successfully.
imapsieve plugin: Added non-standard Sieve environment items for the source
and destination mailbox.
multiscript: The execution of the discard script had an implicit "keep",
rather than an implicit "discard".
fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
trash plugin was broken in 2.2.28
auth: When passdb/userdb lookups were done via auth-workers, too much
data was added to auth cache. This could have resulted in wrong
replies when using multiple passdbs/userdbs.
auth: passdb { skip & mechanisms } were ignored for the first passdb
oauth2: Various fixes, including fixes to crashes
dsync: Large Sieve scripts (or other large metadata) weren't always
synced.
Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
doveadm: Exit codes weren't preserved when proxying commands via
doveadm-server. Almost all errors used exit code 75 (tempfail).
ACLs weren't applied to not-yet-existing autocreated mailboxes.
Fixed a potential crash when parsing a broken message header.
cassandra: Fallback consistency settings weren't working correctly.
doveadm director status <user>: "Initial config" was always empty
imapc: Various reconnection fixes.
auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them
in lib-dsasl for client side.
imap: SEARCH/SORT may have assert-crashed in
client_check_command_hangs
imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes.
search: Using NOT n:* or NOT UID n:* wasn't handled correctly
fts: fts_autoindex_exclude = \Special-use caused crashes
doveadm-server: Fix leaks and other problems when process is reused
for multiple requests (service_count != 1)
sdbox: Fix assert-crash on mailbox create race
lda/lmtp: deliver_log_format values weren't entirely correct if Sieve
was used. especially %{storage_id} was broken.
imapsieve plugin: Fixed assert failure occurring when used with virtual
mailboxes.
doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's
string value.
authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing
"Missing middle file seq=.." to be logged and index rebuild.
This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This
is because 3 bytes per email were being wasted that could have been
used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input
(e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected
inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different
quota roots.
- search: Multiple sequence sets or UID sets in search parameters
weren't handled correctly. They were incorrectly merged together.
- master process's listener socket was leaked to all child processes.
This might have allowed untrusted processes to capture and prevent
"doveadm service stop" comands from working.
- login proxy: Fixed crash when outgoing SSL connections were hanging.
- auth: userdb fields weren't passed to auth-workers, so %{userdb:*}
from previous userdbs didn't work there.
- auth: Fixed auth_bind=yes + sasl_bind=yes to work together
- lmtp: %{userdb:*} variables didn't work in mail_log_prefix
- Fixed writing >2GB to iostream-temp files (used by fs-compress,
fs-metawrap, doveadm-http)
- fts-solr: Fixed searching multiple mailboxes
- and more...
- doveadm backup was sometimes deleting entire mailboxes unnecessarily.
- doveadm: Command -parameters weren't being sent to doveadm-server.
- if dovecot.index read failed e.g. because mmap() reached VSZ limit,
an empty index could have been opened instead, corrupting the
mailbox state.
- lazy-expunge: Fixed a crash when copying failed. Various other fixes.
- fts-lucene: Fixed crash on index rescan.
- dict-ldap: Various fixes
- dict-sql: NULL values crashed. Now they're treated as "not found".
- Huge header lines could have caused Dovecot to use too much memory
- dsync: Detect and handle invalid/stale -s state string better.
- dsync: Fixed crash caused by specific mailbox renames
- auth: Auth cache is now disabled passwd-file.
- fts-tika: Don't crash if it returns 500 error
- dict-redis: Fixed timeout handling
- SEARCH INTHREAD was crashing
- stats: Only a single fifo_listeners was supported, making it impossible to
use both auth_stats=yes and mail stats plugin.
- SSL errors were logged in separate "Stacked error" log lines instead of as
part of the disconnection reason.
- MIME body parser didn't handle properly when a child MIME part's --boundary
had the same prefix as the parent.
- pigeonhole updated to 0.4.14
- extprograms plugin: Fixed epoll() panic caused by closing the output
FD before the output stream.
- Made sure that the local part of a mail address is encoded properly
using quoted string syntax when it is not a dot-atom.
- Various fixes to doveadm. Especially running commands via
doveadm-server was broken.
- director: Fixed user weakness getting stuck in some situations
- director: Fixed a situation where directors keep re-sending
different states to each others and never becoming synced.
- director: Fixed assert-crash related to a slow "user killed" reply
- Fixed assert-crash related to istream-concat, which could have
been triggered at least by a Sieve script.
- auth: Auth caching was done too aggressively when %variables were
used in default_fields, override_fields or LDAP pass/user_attrs.
userdb result_* were also ignored when user was found from cache.
- imap: Fixed various assert-crashes caused v2.2.20+. Some of them
caught actual hangs or otherwise unwanted behavior towards IMAP
clients.
- Expunges were forgotten in some situations, for example when
pipelining multiple IMAP MOVE commands.
- quota: Per-namespaces quota were broken for dict and count backends
in v2.2.20+
- fts-solr: Search queries were using OR instead of AND as the
separator for multi-token search queries in v2.2.20+.
- Single instance storage support wasn't really working in v2.2.16+
- dbox: POP3 message ordering wasn't working correctly.
- virtual plugin: Fixed crashes related to backend mailbox deletions.
- multiscript: Fixed bug in handling of (implicit) keep; final keep action was
always executed as though there was a failure.
- managesieve-login: Fixed proxy to allow SASL mechanisms other than PLAIN.
- ldap storage: Prevent segfault occurring when assigning certain (global)
configuration options.
- Sieve mime extension: Fixed the header :mime :anychild test to work properly
outside a foreverypart loop.
- Fixed assert failure occurring when text extraction is attempted on a
empty or broken text part.
- Fixed assert failure in handling of body parts that are converted to text.
- Fixed header unfolding for (mime) headers parsed from any mime part.
- Fixed trimming for (mime) headers parsed from any mime part.
- Fixed erroneous changes to the message part tree structure performed when
re-parsing the message.
- LDA Sieve plugin: Fixed bug in error handling of script storage initialization
- Fixed duplication of discard actions in the script result.
- Made sure that quota errors never get logged as errors in syslog.
- doveadm mailbox list (and some others) were broken in v2.2.20
- director: Fixed making backend changes when running with only a
single director server.
- virtual plugin: Fixed crash when trying to open nonexistent
autocreated backend mailbox.
- pigeonhole updated to 0.4.10
- implemented the Sieve mime and foreverypart extensions (RFC 5703).
+ sieve body extension: Properly implemented the `:text' body
transform. It now extracts text for HTML message parts.
- variables extension: Fixed handling of empty string by the `:length'
set modifier. An empty string yielded an empty string rather than "0".
- Fixed memory leak in the Sieve script byte code dumping facility.
Extension contexts were never actually freed.
- doveadm sieve plugin: Fixed crashes caused by incorrect context
allocation in the sieve command implementations.
- director: Backend tags weren't working correctly.
- ldap: tls_* settings weren't used for ldaps URIs.
- ldap, mysql: Fixed setting connect timeout.
- auth: userdb lookups via auth-worker couldn't change username
- dsync: Fixed handling deleted directories. Make sure we don't go to
infinite mailbox renaming loop.
- imap: Fixed crash in NOTIFY when there were watched namespaces that
didn't support NOTIFY.
- imap: After SETMETADATA was used, various commands (especially FETCH)
could have started hanging when their output was large.
- stats: Idle sessions weren't refreshed often enough, causing stats
process to forget them and log errors about unknown sessions when
they were updated later.
- stats: Fixed "Duplicate session ID" errors when LMTP delivered to
multiple recipients and fts_autoindex=yes.
- zlib plugin: Fixed copying causing cache corruption when zlib_save
wasn't set, but the source message was compressed.
- fts-solr: Fixed escaping Solr query parameters.
- lmtp: quota_full_tempfail=yes was ignored with
lmtp_rcpt_check_quota=yes
- mdbox: Rebuilding could have caused message's reference count to
overflow the 16bit number in some situations, causing problems when
trying to expunge the duplicates.
- Various search fixes (fts, solr, tika, lib-charset, indexer)
- Various virtual plugin fixes
- Various fixes and optimizations to dsync, imapc and pop3-migration
- imap: Various RFC compliancy and crash fixes to NOTIFY
- pigeonhole updated to 0.4.9
- ManageSieve: Fixed an assert failure occurring when a client
disconnects during the GETSCRIPT command.
- doveadm sieve plugin: Fixed incorrect initialization (mem leaks) of mail user.
- sieve-filter command line tool: Fixed handling of failure-related
implicit keep when there is an explicit default destination folder.
- lib-sieve: Fixed bug in RFC5322 header folding.
- Fixed problem in address test: erroneously decoded mime-encoded words in
address headers.
- extprograms plugin: Fixed failure occurring when connecting to script
service without the need to read back the output from the external program.
- Fixed bug in script storage path normalization occurring with relative
symbolic links below root.
director ring sockets, causing it to break in existing installations.
- sdbox: When copying a mail in alt storage, place the destination to
alt storage as well.
- auth: Don't crash if master user login is attempted without
any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
sometimes if buffering was split in the middle of a UTF-8 character.
This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
UTF-8 text could have been truncated wrongly or the truncation may
not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
physical mailboxes could have caused crashes.
- fixed several race conditions with dovecot.index.cache handling that
may have caused unnecessary "cache is corrupted" errors.
- auth: If auth client listed userdb and disconnected before finishing,
the auth worker process got stuck
- imap-login, pop3-login: Fixed potential crashes when client
disconnected unexpectedly.
- imap proxy: The connection was hanging in some usage patterns.
- fixes CVE-2014-3430: denial of service through maxxing out SSL connections
- pop3 server was still crashing in v2.2.12
- maildir: Various fixes and improvements to handling compressed mails
- fts-lucene, fts-solr: Fixed crash on search when the index contained
duplicate entries.
- mail_attachment_dir: Attachments with the last base64-encoded line
longer than the rest wasn't handled correctly.
- IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
- acl: Global ACL file handling was broken when multiple entries
matched the mailbox name
- quota-status: quota_grace was ignored
- ldap: Fixed memory leak with auth_bind=yes and without
auth_bind_userdn.
- imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when
CONDSTORE/QRESYNC has never before been enabled for the mailbox.
- imap: Fixes to handling mailboxes without permanent modseqs.
(When [NOMODSEQ] is returned by SELECT, mainly with in-memory
indexes.)
- imap: Various fixes to METADATA support.
- stats plugin: Processes that only temporarily dropped privileges
(e.g. indexer-worker) may have been logging errors about not being
able to open /proc/self/io.
"--boundary" and CR (without LF). Messages saved via SMTP/LMTP can't
trigger this, because messages must end with an "LF.". A user could
trigger this for him/herself though.
- lmtp: Client was sometimes disconnected before all the output was
sent to it.
- replicator: Database wasn't being exported to disk every 15 minutes
as it should have. Instead it was being imported, causing "doveadm
replicator remove" commands to not work very well.
- master process was doing a hostname.domain lookup for each created
process, which may have caused a lot of unnecessary DNS lookups.
- dsync: Syncing over 100 messages at once caused problems in some
situations, causing messages to get new UIDs.
- fts-solr: Different Solr hosts for different users didn't work.
- director: v2.2.5 changes caused "SYNC lost" errors
- dsync: Many fixes and error handling improvements
- doveadm -A: Don't waste CPU by doing a separate config lookup
for each user
- Long-running ssl-params process no longer prevents Dovecot restart
- mbox: Fixed mailbox_list_index=yes to work correctly
- added some missing man pages (by Pascal Volk)
- director: Users near expiration could have been redirected to
different servers at the same time.
- pop3: Avoid assert-crash if client disconnects during LIST.
- mdbox: Corrupted index header still wasn't automatically fixed.
- dsync: Various fixes to work better with imapc and pop3c storages.
- ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl
symbols conflicted with Cyrus SASL library.
- imap/pop3 proxy: Master user logins were broken in v2.2.3
- sdbox/mdbox: A corrupted index header with wrong size was never
automatically fixed in v2.2.3.
- mbox: Fixed assert-crashes related to locking.
- IMAP: If subject contained only whitespace, Dovecot returned an
ENVELOPE reply with a huge literal value, effectively causing the
IMAP client to wait for more data forever.
- IMAP: Various URLAUTH fixes.
- imapc: Various bugfixes and improvements
- pop3c: Various fixes to make it work in dsync (without imapc)
- dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox
renames.
- IMAP: Various URLAUTH fixes.
- IMAP: Fixed a hang with invalid APPEND parameters.
- IMAP LIST-EXTENDED: INBOX was never listed with \Subscribed flag.
- mailbox_list_index=yes still caused crashes.
- maildir: Fixed a crash after dovecot-keywords file was re-read.
- maildir: If files had reappeared unexpectedly to a Maildir, they
were ignored until index files were deleted.
- Maildir: Fixed handling over 26 keywords in a mailbox.
- imap/pop3-login proxying: Fixed a crash if TCP connection succeeded,
but the remote login timed out.
- Mailbox list indexes weren't using proper file permissions based
on the root directory.
- replicator: doveadm commands and user list export may have skipped
some users.
- Various fixes to mailbox_list_index=yes
- v2.1.11+ had a race condition where it sometimes overwrote data in
dovecot.index.cache file. This could have caused Dovecot to return
the same cached data to two different messages.
- mdbox: Fixes to handling duplicate GUIDs during index rebuild
- lmtp proxy: Fixed hanging if remote server was down.
- doveadm: Various fixes to handling doveadm-server connections.
- auth: passdb imap was broken in v2.1.10.
- director: In some conditions director may have disconnected from
another director (without logging about it), thinking it was sending
invalid data.
- imap: Various fixes to listing mailboxes.
- login processes crashed if there were a lot of local {} or remote {}
settings blocks.
- Full text search indexing might have failed for some messages,
always causing indexer-worker process to run out of memory.
- fts-lucene: Fixed handling SEARCH HEADER FROM/TO/SUBJECT/CC/BCC when
the header wasn't lowercased.
- fts-squat: Fixed crash when searching a virtual mailbox.
- pop3: Fixed assert crash when doing UIDL on empty mailbox on some
setups.
- auth: GSSAPI RFC compliancy and error handling fixes.
- Various fixes related to handling shared namespaces
- imap: Mailbox names were accidentally sent as UTF-8 instead of mUTF-7
in previous v2.1.x releases for STATUS, MYRIGHTS and GETQUOTAROOT commands.
- lmtp proxy: Don't timeout connections too early when mail has a lot of RCPT TOs.
- director: Don't crash if the director is working alone.
- shared mailboxes: Avoid doing "@domain" userdb lookups.
- doveadm: Fixed crash with proxying some commands.
- fts-squat: Fixed handling multiple SEARCH parameters.
- imapc: Fixed a crash when message had more than 8 keywords.
- imapc: Don't crash on APPEND/COPY if server doesn't support UIDPLUS.
