http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz.sig The invalid message address parsing bug is pretty important since it allows a remote user to send broken mail headers and prevent the recipient from accessing the mailbox afterwards, because the process will always just crash trying to parse the header. This is assuming that the IMAP client uses FETCH ENVELOPE command, not all do. Note that it doesn't affect versions older than v1.1.4. + dovecot -n and -a now prints some system information at the top. + More error/debug message logging improvements. - pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS commands in the same IP packet. - Parsing an invalid message address like "From: (" caused an assert-crash in v1.1.4 and v1.1.5. - Folding whitespace wasn't handled correctly inside quoted-strings, causing some messages to be parsed incorrectly. - mbox: Fixed saving messages that begin with a valid From_-line. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot-news/attachments/20081030/38905e63/attachment.bin
Timo Sirainen schreef:> http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz > http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz.sig >I've refreshed the managesieve patch for the new Dovecot release. http://www.rename-it.nl/dovecot/1.1/dovecot-1.1.6-managesieve-0.10.3.diff.gz http://www.rename-it.nl/dovecot/1.1/dovecot-1.1.6-managesieve-0.10.3.diff.gz.sig Regards, -- Stephan Bosch stephan at rename-it.nl
Has there been some issue fixed between 1.1.5 and 1.1.6 that could explain a huge drop in CPU use? I was having problems with a 1.1.5 box that kept being on about 80% CPU (a dual quad core box). I updated it to 1.1.6, and ever since it's been at < 5% CPU. (no change in number of users). Cor
Just wanted to mention that 1.1.6 seems fine so far in our testing, and I think the lack of reported problems on the mailing list is probably a very good sign! Timo Sirainen wrote:> http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz > http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz.sig > > The invalid message address parsing bug is pretty important since it > allows a remote user to send broken mail headers and prevent the > recipient from accessing the mailbox afterwards, because the process > will always just crash trying to parse the header. This is assuming that > the IMAP client uses FETCH ENVELOPE command, not all do. Note that it > doesn't affect versions older than v1.1.4. > > + dovecot -n and -a now prints some system information at the top. > + More error/debug message logging improvements. > - pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS > commands in the same IP packet. > - Parsing an invalid message address like "From: (" caused an > assert-crash in v1.1.4 and v1.1.5. > - Folding whitespace wasn't handled correctly inside quoted-strings, > causing some messages to be parsed incorrectly. > - mbox: Fixed saving messages that begin with a valid From_-line. > >