https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig

 * auth: Use timing safe comparisons for everything related to
   passwords. It's unlikely that these could have been used for
   practical attacks, especially because Dovecot delays and flushes all
   failed authentications in 2 second intervals. Also it could have
   worked only when passwords were stored in plaintext in the passdb.
 * master process sends SIGQUIT to all running children at shutdown,
   which instructs them to close all the socket listeners immediately.
   This way restarting Dovecot should no longer fail due to some
   processes keeping the listeners open for a long time.

 + auth: Add passdb { mechanisms=none } to match separate passdb lookup
 + auth: Add passdb { username_filter } to use passdb only if user
   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
 + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
   the transaction after saving this many new messages. Because of the
   way dsync works, it may not always be possible if mails are copied
   or UIDs need to change.
 + imapc: Support imapc_features=search without ESEARCH extension.
 + imapc: Add imapc_features=fetch-bodystructure to pass through remote
   server's FETCH BODY and BODYSTRUCTURE.
 + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
   remote server.
 + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
 + If dovecot.index.cache corruption is detected, reset only the one
   corrupted mail instead of the whole file.
 + doveadm mailbox status: Add "firstsaved" field.
 + director_flush_socket: Add old host's up/down and vhost count as
   parameters
 - More fixes to automatically fix corruption in dovecot.list.index
 - dsync-server: Fix support for dsync_features=empty-header-workaround
 - imapc: Various bugfixes, including infinite loops on some errors
 - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
   enabled modseq tracking via CONDSTORE/QRESYNC.
 - fts-lucene: Fix it to work again with mbox format
 - Some internal error messages may have contained garbage in v2.2.29
 - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
   are used. Otherwise the copied mails can't be opened.
 - vpopmail: Fix compiling

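The timing-safe comparison item in the announcement above, as an added example that is not part of the original announcement and is not Dovecot's code: an early-exit byte comparison beside a timing-safe one, with a step counter standing in for elapsed time. The function names and the sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Early-exit comparison (memcmp-style). *steps reports how many bytes were
   examined, which is the quantity a timing side channel would expose. */
static int leaky_equals(const unsigned char *a, const unsigned char *b,
                        size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;   /* returns sooner the earlier the mismatch is */
    }
    return 1;
}

/* Timing-safe comparison: always walks all n bytes and accumulates the
   differences, so the work done does not depend on where they differ. */
static int timing_safe_equals(const unsigned char *a, const unsigned char *b,
                              size_t n, size_t *steps)
{
    volatile unsigned char diff = 0;   /* volatile: keep the loop intact */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed sample values, not real credentials. */
    const unsigned char stored[]    = "s3cretpw";
    const unsigned char bad_first[] = "X3cretpw";
    const unsigned char bad_last[]  = "s3cretpX";
    size_t n = sizeof(stored) - 1, s1, s2;

    leaky_equals(stored, bad_first, n, &s1);
    leaky_equals(stored, bad_last, n, &s2);
    printf("early-exit:  %zu vs %zu bytes examined\n", s1, s2);

    timing_safe_equals(stored, bad_first, n, &s1);
    timing_safe_equals(stored, bad_last, n, &s2);
    printf("timing-safe: %zu vs %zu bytes examined\n", s1, s2);
    return 0;
}
```
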
On 30/05/2017 19:16, Timo Sirainen wrote:
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz

There is a build problem in the configure/make/libtool process when
using "./configure ... --with-storages=maildir ...".

libtool: link: cc -G -h lib10_quota_plugin.so -o .libs/lib10_quota_plugin.so .libs/quota.o .libs/quota-count.o .libs/quota-fs.o .libs/quota-dict.o .libs/quota-dirsize.o .libs/quota-imapc.o .libs/quota-maildir.o .libs/quota-plugin.o .libs/quota-storage.o .libs/quota-util.o .libs/rquota_xdr.o -lrt -lnsl -lsocket -lsendfile -lc
libtool: link: ( cd ".libs" && rm -f "lib10_quota_plugin.la" && ln -s "../lib10_quota_plugin.la" "lib10_quota_plugin.la" )
libtool: link: cc -o .libs/quota-status quota-status.o .libs/quota.o .libs/quota-count.o .libs/quota-fs.o .libs/quota-dict.o .libs/quota-dirsize.o .libs/quota-imapc.o .libs/quota-maildir.o .libs/quota-plugin.o .libs/quota-storage.o .libs/quota-util.o .libs/rquota_xdr.o ../../../src/lib-storage/.libs/libdovecot-storage.so /scratch/build/dovecot/32/src/lib-dovecot/.libs/libdovecot.so ../../../src/lib-imap-storage/.libs/libimap-storage.a ../../../src/lib-dovecot/.libs/libdovecot.so -liconv -lrt -lnsl -lsocket -lsendfile
Undefined                                first referenced
 symbol                                      in file
imapc_simple_run                         .libs/quota-imapc.o
imapc_simple_context_init                .libs/quota-imapc.o
imapc_command_sendf                      .libs/quota-imapc.o
imapc_client_get_capabilities            .libs/quota-imapc.o
imapc_storage_client_register_untagged   .libs/quota-imapc.o
imapc_simple_callback                    .libs/quota-imapc.o
imapc_client_cmd                         .libs/quota-imapc.o
ld: fatal: symbol referencing errors. No output written to .libs/quota-status

This can be avoided if "--with-storages=maildir,imapc" is used to build.
I could not find a proper solution in the time I had.

On 05/31/2017 12:54 PM, James wrote:
> This can be avoided if "--with-storages=maildir,imapc" is used to build.
> I could not find a proper solution in the time I had.

Recently Timo said "Don't use --with-storages=maildir. The benefits are
very close to zero. I think I'll just remove that configure option
entirely". So, it's been removed, I suppose.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer [http://roundcube.net]
----------------------------------------------------
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com

On 31/05/2017 8:54 PM, James wrote:
> On 30/05/2017 19:16, Timo Sirainen wrote:
>
>> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
>
> There is a build problem in the configure/make/libtool process when
> using "./configure ... --with-storages=maildir ...".

This was deliberate - see the mailing list archives dated around 9 May
2017.

Refer to the commit referring to this:

https://github.com/dovecot/core/commit/5b0cbd40cdf36d086f014d4f56dc994bbbe12463

In my view it should have been noted in the release notes as an upgrade
caveat because this is a subtle but important build change in behaviour
from previous versions.

Reuben

On 30/05/2017 at 20:16, Timo Sirainen wrote:
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>
> * auth: Use timing safe comparisons for everything related to
>   passwords. It's unlikely that these could have been used for
>   practical attacks, especially because Dovecot delays and flushes all
>   failed authentications in 2 second intervals. Also it could have
>   worked only when passwords were stored in plaintext in the passdb.
> * master process sends SIGQUIT to all running children at shutdown,
>   which instructs them to close all the socket listeners immediately.
>   This way restarting Dovecot should no longer fail due to some
>   processes keeping the listeners open for a long time.
>
> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
> + auth: Add passdb { username_filter } to use passdb only if user
>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase

Shouldn't the wiki be corrected?
we have:
mechanisms: Skip, if non-empty and the current auth mechanism is listed
here.

but the intended meaning is:
mechanisms: Skip, if non-empty and the current auth mechanism is not
listed here.

Isn't it?

Emmanuel.

On 31 May 2017, at 16.32, FUSTE Emmanuel <emmanuel.fuste at thalesgroup.com> wrote:
>
>> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>> + auth: Add passdb { username_filter } to use passdb only if user
>>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
> Shouldn't the wiki be corrected?
> we have:
> mechanisms: Skip, if non-empty and the current auth mechanism is listed
> here.
>
> but the intended meaning is:
> mechanisms: Skip, if non-empty and the current auth mechanism is not
> listed here.
>
> Isn't it?

Fixed, thanks!

On 30 May 2017 at 21:16, Timo Sirainen <tss at iki.fi> wrote:
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>
> * auth: Use timing safe comparisons for everything related to
>   passwords. It's unlikely that these could have been used for
>   practical attacks, especially because Dovecot delays and flushes all
>   failed authentications in 2 second intervals. Also it could have
>   worked only when passwords were stored in plaintext in the passdb.
> * master process sends SIGQUIT to all running children at shutdown,
>   which instructs them to close all the socket listeners immediately.
>   This way restarting Dovecot should no longer fail due to some
>   processes keeping the listeners open for a long time.
>
> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
> + auth: Add passdb { username_filter } to use passdb only if user
>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
> + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
>   the transaction after saving this many new messages. Because of the
>   way dsync works, it may not always be possible if mails are copied
>   or UIDs need to change.
> + imapc: Support imapc_features=search without ESEARCH extension.
> + imapc: Add imapc_features=fetch-bodystructure to pass through remote
>   server's FETCH BODY and BODYSTRUCTURE.
> + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
>   remote server.
> + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
> + If dovecot.index.cache corruption is detected, reset only the one
>   corrupted mail instead of the whole file.
> + doveadm mailbox status: Add "firstsaved" field.
> + director_flush_socket: Add old host's up/down and vhost count as
>   parameters
> - More fixes to automatically fix corruption in dovecot.list.index
> - dsync-server: Fix support for dsync_features=empty-header-workaround
> - imapc: Various bugfixes, including infinite loops on some errors
> - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
>   enabled modseq tracking via CONDSTORE/QRESYNC.
> - fts-lucene: Fix it to work again with mbox format
> - Some internal error messages may have contained garbage in v2.2.29
> - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
>   are used. Otherwise the copied mails can't be opened.
> - vpopmail: Fix compiling
>

Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
Outlook!) were being prompted for mail password! They'd enter it, mail is
fetched, and on the next check (even though the password had always been
saved) they'd be prompted again. So I quickly reverted to 2.2.29 and peace
prevailed.

Now I am just wondering what exactly is causing this and how to fix it if I
am to come to 2.2.30.1

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

At least doveconf -n output would help. I guess related to authentication settings. Are there any errors in logs?

> On 1 Jun 2017, at 12.14, Odhiambo Washington <odhiambo at gmail.com> wrote:
>
>> On 30 May 2017 at 21:16, Timo Sirainen <tss at iki.fi> wrote:
>>
>> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
>> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>>
>> * auth: Use timing safe comparisons for everything related to
>>   passwords. It's unlikely that these could have been used for
>>   practical attacks, especially because Dovecot delays and flushes all
>>   failed authentications in 2 second intervals. Also it could have
>>   worked only when passwords were stored in plaintext in the passdb.
>> * master process sends SIGQUIT to all running children at shutdown,
>>   which instructs them to close all the socket listeners immediately.
>>   This way restarting Dovecot should no longer fail due to some
>>   processes keeping the listeners open for a long time.
>>
>> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>> + auth: Add passdb { username_filter } to use passdb only if user
>>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
>> + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
>>   the transaction after saving this many new messages. Because of the
>>   way dsync works, it may not always be possible if mails are copied
>>   or UIDs need to change.
>> + imapc: Support imapc_features=search without ESEARCH extension.
>> + imapc: Add imapc_features=fetch-bodystructure to pass through remote
>>   server's FETCH BODY and BODYSTRUCTURE.
>> + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
>>   remote server.
>> + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
>> + If dovecot.index.cache corruption is detected, reset only the one
>>   corrupted mail instead of the whole file.
>> + doveadm mailbox status: Add "firstsaved" field.
>> + director_flush_socket: Add old host's up/down and vhost count as
>>   parameters
>> - More fixes to automatically fix corruption in dovecot.list.index
>> - dsync-server: Fix support for dsync_features=empty-header-workaround
>> - imapc: Various bugfixes, including infinite loops on some errors
>> - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
>>   enabled modseq tracking via CONDSTORE/QRESYNC.
>> - fts-lucene: Fix it to work again with mbox format
>> - Some internal error messages may have contained garbage in v2.2.29
>> - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
>>   are used. Otherwise the copied mails can't be opened.
>> - vpopmail: Fix compiling
>>
>
>
> Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
> Outlook!) were being prompted for mail password! They'd enter it, mail is
> fetched, and on the next check (even though the password had always been
> saved) they'd be prompted again. So I quickly reverted to 2.2.29 and peace
> prevailed.
>
> Now I am just wondering what exactly is causing this and how to fix it if I
> am to come to 2.2.30.1
>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."