dovecot - May 2011 - v2.0.13 released

http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz
http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz.sig

I've almost managed to read my email backlog, but there are still some
unanswered mails. Feel free to resend if you think I should have
answered some of your mails.

The most important changes since v2.0.12:

	+ Added "doveadm index" command to add unindexed messages into
	  index/cache. If full text search is enabled, it also adds unindexed
	  messages to the fts database.
	+ added "doveadm director dump" command.
	+ pop3: Added support for showing messages in "POP3 order", which can
	  be different from IMAP message order. This can be useful for
	  migrations from other servers. Implemented it for Maildir as 'O'
	  field in dovecot-uidlist.
	- doveconf: Fixed a wrong "subsection has ssl=yes" warning.
	- mdbox purge: Fixed wrong warning about corrupted extrefs.
	- sdbox: INBOX GUID changed when INBOX was autocreated, leading to
	  trouble with dsync.
	- script-login binary wasn't actually dropping privileges to the
	  user/group/chroot specified by its service settings.
	- Fixed potential crashes and other problems when parsing header names
	  that contained NUL characters.

On Wed, 11 May 2011 18:52:21 +0300 Timo Sirainen wrote:  

  [ ... ]
> 	- script-login binary wasn't actually dropping privileges to the
> 	  user/group/chroot specified by its service settings.
This version gives problems with my post-login script to track last usage,
which works perfect with 2.0.12.

Error messages:

May 11 20:38:53 seymour dovecot: master: Dovecot v2.0.13 starting up (core dumps
disabled)
May 11 20:39:01 seymour dovecot: imap-login: Login: frank, 192.168.28.53, TLS
May 11 20:39:01 seymour dovecot: imap-postlogin: Error: script-login: Error:
user frank: Error reading configuration:
net_connect_unix(/var/run/dovecot/config) failed: Permission denied
May 11 20:39:01 seymour dovecot: imap-postlogin: Error: script-login: Fatal:
Internal error occurred. Refer to server log for more information.
May 11 20:39:01 seymour dovecot: log: Error: service(imap-postlogin): child 8651
returned error 89 (Fatal failure)
May 11 20:39:01 seymour dovecot: imap(frank): Post-login script denied access to
user frank


# 2.0.12: /usr/local/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.13-91.fc14.i686.PAE i686 Fedora release 14 (Laughlin) ext3
disable_plaintext_auth = no
first_valid_uid = 200
last_valid_uid = 65534
listen = *
login_greeting = c64.shuttle.de - IMAPs Service ready.
login_log_format_elements = %u %r %c
mail_location = maildir:/var/spool/mail/%u:INDEX=MEMORY
mail_log_prefix = "%Us(%u,%r): "
mail_plugins = " notify quota"
passdb {
  args = dovecot
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
flag_change append
  mail_log_fields = uid box from subject msgid size flags
  mail_log_group_events = yes
  quota = maildir:User quota
  quota_rule = *:storage=2G
  quota_rule2 = Trash:storage=+100M
}
protocols = imap
service auth {
  unix_listener auth-client {
    group = exim
    mode = 0660
    user = exim
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 3
}
service imap-postlogin {
  executable = script-login /usr/dovecot/bin/imap-post-login
  user = dovecot
}
service imap {
  executable = imap imap-postlogin
}
ssl_cert = </usr/local/etc/c64.shuttle.de.CRT
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </usr/local/etc/c64.shuttle.de-dovecot.KEY
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
  imap_logout_format = [%i/%o]
  mail_plugins = " notify quota mail_log quota imap_quota listescape"
}


Procedure "/usr/dovecot/bin/imap-post-login" simply writes a datestamp
to a file
with owner "frank".

Any pointer to solution welcome.


--Frank Elsner

Compiling dovecot-2.0.13 on OS X emits these warnings:

user-directory.c: In function user_directory_add:
user-directory.c:79: warning: comparison between signed and unsigned
user-directory.c:84: warning: comparison between signed and unsigned

Casting the left hand sides of the comparisons to time_t, as you do in other
places, silences them:

--- a/src/director/user-directory.c	2011-05-11 09:35:21.000000000 -0500
+++ b/src/director/user-directory.c	2011-05-11 16:55:45.000000000 -0500
@@ -76,12 +76,12 @@
 	user->host->user_count++;
 	user->timestamp = timestamp;
 
-	if (dir->tail == NULL || dir->tail->timestamp <= timestamp)
+	if (dir->tail == NULL || (time_t) dir->tail->timestamp <=
timestamp)
 		DLLIST2_APPEND(&dir->head, &dir->tail, user);
 	else {
 		/* need to insert to correct position */
 		for (pos = dir->tail; pos != NULL; pos = pos->prev) {
-			if (pos->timestamp <= timestamp)
+			if ((time_t) pos->timestamp <= timestamp)
 				break;
 		}
 		if (pos == NULL)

rsync not active? or now protected to mirrors?



On Wed, 2011-05-11 at 18:52 +0300, Timo Sirainen wrote:
> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz
> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz.sig
> 
> I've almost managed to read my email backlog, but there are still some
> unanswered mails. Feel free to resend if you think I should have
> answered some of your mails.
> 
> The most important changes since v2.0.12:
> 
> 	+ Added "doveadm index" command to add unindexed messages into
> 	  index/cache. If full text search is enabled, it also adds unindexed
> 	  messages to the fts database.
> 	+ added "doveadm director dump" command.
> 	+ pop3: Added support for showing messages in "POP3 order",
which can
> 	  be different from IMAP message order. This can be useful for
> 	  migrations from other servers. Implemented it for Maildir as 'O'
> 	  field in dovecot-uidlist.
> 	- doveconf: Fixed a wrong "subsection has ssl=yes" warning.
> 	- mdbox purge: Fixed wrong warning about corrupted extrefs.
> 	- sdbox: INBOX GUID changed when INBOX was autocreated, leading to
> 	  trouble with dsync.
> 	- script-login binary wasn't actually dropping privileges to the
> 	  user/group/chroot specified by its service settings.
> 	- Fixed potential crashes and other problems when parsing header names
> 	  that contained NUL characters.
> 
> 
> _______________________________________________
> Dovecot-news mailing list
> Dovecot-news at dovecot.org
> http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20110513/a64739a6/attachment-0002.bin>

Specifics of what you're talking about?

(Yeah, I may have screwed up something, but currently I'm a bit too
busy/lazy to find out what.)

On 13.5.2011, at 2.39, Noel Butler wrote:
> rsync not active? or now protected to mirrors?
> 
> 
> 
> On Wed, 2011-05-11 at 18:52 +0300, Timo Sirainen wrote:
> 
>> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz
>> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz.sig
>> 
>> I've almost managed to read my email backlog, but there are still
some
>> unanswered mails. Feel free to resend if you think I should have
>> answered some of your mails.
>> 
>> The most important changes since v2.0.12:
>> 
>> 	+ Added "doveadm index" command to add unindexed messages
into
>> 	  index/cache. If full text search is enabled, it also adds unindexed
>> 	  messages to the fts database.
>> 	+ added "doveadm director dump" command.
>> 	+ pop3: Added support for showing messages in "POP3 order",
which can
>> 	  be different from IMAP message order. This can be useful for
>> 	  migrations from other servers. Implemented it for Maildir as
'O'
>> 	  field in dovecot-uidlist.
>> 	- doveconf: Fixed a wrong "subsection has ssl=yes" warning.
>> 	- mdbox purge: Fixed wrong warning about corrupted extrefs.
>> 	- sdbox: INBOX GUID changed when INBOX was autocreated, leading to
>> 	  trouble with dsync.
>> 	- script-login binary wasn't actually dropping privileges to the
>> 	  user/group/chroot specified by its service settings.
>> 	- Fixed potential crashes and other problems when parsing header names
>> 	  that contained NUL characters.
>> 
>> 
>> _______________________________________________
>> Dovecot-news mailing list
>> Dovecot-news at dovecot.org
>> http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news
> 
>

On Wed, May 11, 2011 at 06:52:21PM +0300, Timo Sirainen
wrote:
> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz
> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz.sig
> 
> I've almost managed to read my email backlog, but there are still some
> unanswered mails. Feel free to resend if you think I should have
> answered some of your mails.
> 
> The most important changes since v2.0.12:
> 
> 	+ Added "doveadm index" command to add unindexed messages into
> 	  index/cache. If full text search is enabled, it also adds unindexed
> 	  messages to the fts database.
> 	+ added "doveadm director dump" command.
> 	+ pop3: Added support for showing messages in "POP3 order",
which can
> 	  be different from IMAP message order. This can be useful for
> 	  migrations from other servers. Implemented it for Maildir as 'O'
> 	  field in dovecot-uidlist.
> 	- doveconf: Fixed a wrong "subsection has ssl=yes" warning.
> 	- mdbox purge: Fixed wrong warning about corrupted extrefs.
> 	- sdbox: INBOX GUID changed when INBOX was autocreated, leading to
> 	  trouble with dsync.
> 	- script-login binary wasn't actually dropping privileges to the
> 	  user/group/chroot specified by its service settings.
> 	- Fixed potential crashes and other problems when parsing header names
> 	  that contained NUL characters.
Should this get CVE-identifier? I can request it.

Best regards,
Henri Salo

On Wed, May 11, 2011 at 06:52:21PM +0300, Timo Sirainen
wrote:
> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz
> http://dovecot.org/releases/2.0/dovecot-2.0.13.tar.gz.sig
> 
> I've almost managed to read my email backlog, but there are still some
> unanswered mails. Feel free to resend if you think I should have
> answered some of your mails.
> 
> The most important changes since v2.0.12:
> 
> 	+ Added "doveadm index" command to add unindexed messages into
> 	  index/cache. If full text search is enabled, it also adds unindexed
> 	  messages to the fts database.
> 	+ added "doveadm director dump" command.
> 	+ pop3: Added support for showing messages in "POP3 order",
which can
> 	  be different from IMAP message order. This can be useful for
> 	  migrations from other servers. Implemented it for Maildir as 'O'
> 	  field in dovecot-uidlist.
> 	- doveconf: Fixed a wrong "subsection has ssl=yes" warning.
> 	- mdbox purge: Fixed wrong warning about corrupted extrefs.
> 	- sdbox: INBOX GUID changed when INBOX was autocreated, leading to
> 	  trouble with dsync.
> 	- script-login binary wasn't actually dropping privileges to the
> 	  user/group/chroot specified by its service settings.
> 	- Fixed potential crashes and other problems when parsing header names
> 	  that contained NUL characters.
Header NUL problem got assigned CVE-2011-1929.

Best regards,
Henri Salo

After configure and compiling dovecot-2.0.13, running "make check"
fails
on a few tests on sparc/solaris

net_is_in_network(0) ................................................. : ok
net_is_in_network(1) ................................................. : ok
net_is_in_network(2) ................................................. : ok
net_is_in_network(3) ................................................. : ok
net_is_in_network(4) ................................................. : ok
net_is_in_network(5) ................................................. : ok
net_is_in_network(6) ................................................. : ok
net_is_in_network(7) ................................................. : ok
net_is_in_network(8) ................................................. : ok
net_is_in_network(9) ................................................. : ok
net_is_in_network(10) ................................................ : ok
net_is_in_network(11) ................................................ : FAILED
net_is_in_network(12) ................................................ : FAILED
net_is_in_network(13) ................................................ : ok
net_is_in_network(14) ................................................ : ok
net_is_in_network(15) ................................................ : ok
net_is_in_network(16) ................................................ : ok

The failing tests are for
                 { "255.255.255.255", "128.0.0.0", 1, TRUE
},
                 { "255.255.255.255", "127.0.0.0", 1, FALSE
}
src/lib/network.c
src/lib/test-network