This is a very large update, and it WILL require manually
updating existing conf files, though the changes to do so
are not extensive. Updating instructions are here:
https://wiki2.dovecot.org/Upgrading/2.3
Additionally there are various cleanups to the dovecot rc(8)
script, and support for a LUA scripting interface for dovecot.
The decision was made not to import the 2.3.0 or 2.3.0.1 releases
here, due to the number of existing bugs. ler and I have been
dogfooding it for months now, and all of the bugs I've encountered
are fixed in this 2.3.1 release.
This update is the result of many, many hours of collborative work
between ler and me, and the input of many people on the freebsd-ports
list.
- charset_alias: compile fails with Solaris Studio, reported by
John Woods.
- Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
- imapc: Don't try to add mails to index if they already exist there.
- imapc: If email is modified in istream_opened hook, mail size isn't
updated.
- lib-dcrypt: When reading encrypted data, more data would not be
read if buffer was not consumed causing panic or hang.
- notify: When notify plugin is used and transaction commit fails in
dsync, crash occurs.
- sdbox: When delivering to a mailbox that is over quota, temp files
are not cleaned up when saving or copying fails.
Change an ambigious "enable" to the actual value that causes a problem,
and fix spelling of "gid".
No PORTREVISION bump---there's a major update coming shortly, and this
change will get picked up then.
PR: 218392
Submitted by: Jeremy Chadwick
* CVE-2017-15130: TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted. This happens only if Dovecot config has
local_name { } or local { } configuration blocks and attacker uses
randomly generated SNI servernames.
* CVE-2017-14461: Parsing invalid email addresses may cause a crash or
leak memory contents to attacker. For example, these memory contents
might contain parts of an email from another user if the same imap
process is reused for multiple users. First discovered by Aleksandar
Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
via HackerOne.
* CVE-2017-15132: Aborted SASL authentication leaks memory in login
process.
* Linux: Core dumping is no longer enabled by default via
PR_SET_DUMPABLE, because this may allow attackers to bypass
chroot/group restrictions. Found by cPanel Security Team. Nowadays
core dumps can be safely enabled by using "sysctl -w
fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
enabled by setting:
import_environment=$import_environment PR_SET_DUMPABLE=1
* doveconf output now includes the hostname.
+ mail_attachment_detection_options setting controls when
$HasAttachment and $HasNoAttachment keywords are set for mails.
+ imap: Support fetching body snippets using FETCH (SNIPPET) or
(SNIPPET (LAZY=FUZZY))
+ fs-compress: Automatically detect whether input is compressed or not.
Prefix the compression algorithm with "maybe-" to enable the
detection, for example: "compress:maybe-gz:6:..."
+ Added settings to change dovecot.index* files' optimization behavior.
See https://wiki2.dovecot.org/IndexFiles#Settings
+ Auth cache can now utilize auth workers to do password hash
verification by setting auth_cache_verify_password_with_worker=yes.
+ Added charset_alias plugin. See
https://wiki2.dovecot.org/Plugins/CharsetAlias
+ imap_logout_format and pop3_logout_format settings now support all of
the generic variables (e.g. %{rip}, %{session}, etc.)
+ Added auth_policy_check_before_auth, auth_policy_check_after_auth
and auth_policy_report_after_auth settings.
- v2.2.33: doveadm-server: Various fixes related to log handling.
- v2.2.33: doveadm failed when trying to access UNIX socket that didn't
require authentication.
- v2.2.33: doveadm log reopen stopped working
- v2.2.30+: IMAP stopped advertising SPECIAL-USE capability
- v2.2.30+: IMAP stopped sending untagged OK/NO storage notifications
- replication: dsync sends unnecessary replication notification for
changes it does internally. NOTE: Folder creates, renames, deletes
and subscribes still trigger unnecessary replication notifications,
but these should be rather rare.
- mail_always/never_cache_fields setting changes weren't applied for
existing dovecot.index.cache files.
- Fix compiling and other problems with OpenSSL v1.1
- auth policy: With master user logins, lookup using login username.
- FTS reindexed all mails unnecessarily after loss of
dovecot.index.cache file
- mdbox rebuild repeatedly fails with "missing map extension"
- SSL connections may have been hanging with imapc or doveadm client.
- cassandra: Using protocol v3 (Cassandra v2.1) caused memory leaks and
also timestamps weren't set to queries.
- fs-crypt silently ignored public/private keys specified in
configuration (mail_crypt_global_public/private_key) and just
emitted plaintext output.
- lock_method=dotlock caused crashes
- imapc: Reconnection may cause crashes and other errors
MFH: 2018Q1
Security: CVE-2017-14461
Security: CVE-2017-15130
Security: CVE-2017-15132
Complete fix for CVE-2017-15132, the previous fix was not enough, and caused
the request to remain after an abort, causing a use-after-free later on.
PR: 225585
Submitted by: Vladimir Krstulja
Approved by: adamw (maintainer)
MFH: 2018Q1
Add upstream patch to fix CVE-2017-15132, memory leak in the log in process
that can cause memory exhaustion.
PR: 225446
Submitted by: Vladimir Krstulja
Approved by: adamw (maintainer), swills (ports-secteam)
MFH: 2018Q1
Security: 92b8b284-a3a2-41b1-956c-f9cf8b74f500
eugen noted that it's not uncommon for people to build WITHOUT_TCP_WRAPPERS,
and forcing the libwrap option gives them no recourse. So I'm adding back
the libwrap option, but defaulting it to on now---people who've compiled
WITHOUT_TCP_WRAPPERS will know how to build a custom dovecot.
I don't know any reason that the kqueue or libwrap options should be
disabled, so remove them from OPTIONS and enable their functionality
for everyone. Also, remove the :3 from USES=sqlite, because that
happens anyway.
Add the license files with LICENSE_FILE_*, rather than putting them
in DOCSDIR.
Sort plist.
PORTREVISION bump for above changes.
One more patch release with some fixes:
- doveadm: Fix crash in proxying (or dsync replication) if remote is
running older than v2.2.33
- auth: Fix memory leak in %{ldap_dn}
- dict-sql: Fix data types to work correctly with Cassandra
bump dovecot-pigeonhole PORTREVISION as well.
* doveadm director commands wait for the changes to be visible in the
whole ring before they return. This is especially useful in testing.
* Environments listed in import_environment setting are now set or
preserved when executing standalone commands (e.g. doveadm)
+ doveadm proxy: Support proxying logs. Previously the logs were
visible only in the backend's logs.
+ Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ Added a new notify_status plugin, which can be used to update dict
with current status of a mailbox when it changes. See
https://wiki2.dovecot.org/Plugins/NotifyStatus
+ Mailbox list index can be disabled for a namespace by appending
":LISTINDEX=" to location setting.
+ dsync/imapc: Added dsync_hashed_headers setting to specify which
headers are used to match emails.
+ pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore
mails that are visible in POP3 but not IMAP. This could happen if
new mails were delivered during the migration run.
+ pop3-migration: Further improvements to help with Zimbra
+ pop3-migration: Cache POP3 UIDLs in imapc's dovecot.index.cache
if indexes are enabled. These are used to optimize incremental syncs.
+ cassandra, dict-sql: Use prepared statements if protocol version>3.
+ auth: Added %{ldap_dn} variable for passdb/userdb ldap
- acl: The "create" (k) permission in global acl-file was sometimes
ignored, allowing users to create mailboxes when they shouldn't have.
- sdbox: Mails were always opened when expunging, unless
mail_attachment_fs was explicitly set to empty.
- lmtp/doveadm proxy: hostip passdb field was ignored, which caused
unnecessary DNS lookups if host field wasn't an IP
- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO
- quota_clone: Update also when quota is unlimited (broken in v2.2.31)
- mbox, zlib: Fix assert-crash when accessing compressed mbox
- doveadm director kick -f parameter didn't work
- doveadm director flush <host> resulted flushing all hosts, if <host>
wasn't an IP address.
- director: Various fixes to handling backend/director changes at
abnormal times, especially while ring was unsynced. These could have
resulted in crashes, non-optimal behavior or ignoring some of the
changes.
- director: Use less CPU in imap-login processes when moving/kicking
many users.
- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs
when lmtp_rcpt_check_quota=yes
- doveadm sync -1 fails when local mailboxes exist that do not exist
remotely. This commonly happened when lazy_expunge mailbox was
autocreated when incremental sync expunged mails.
- pop3: rawlog_dir setting didn't work
* imapc: Info-level line is logged every time when successfully
connected to the remote server. This includes local/remote IP/port,
which can be useful for matching against external logs.
* config: Log a warning if plugin { key=no } is used explicitly.
v2.3 will support "no" properly in plugin settings, but for now
any value at all for a boolean plugin setting is treated as "yes",
even if it's written as explicit "no". This change will now warn
that it most likely won't work as intended.
+ Various optimizations to avoid accessing files/directories when it's
not necessary. Especially avoid accessing mail root directories when
INDEX directories point to a different filesystem.
+ mail_location can now include ITERINDEX parameter. This tells Dovecot
to perform mailbox listing from the INDEX path instead of from the
mail root path. It's mainly useful when the INDEX storage is on a
faster storage.
+ mail_location can now include VOLATILEDIR=<path> parameter. This
is used for creating lock files and in future potentially other
files that don't need to exist permanently. The path could point to
tmpfs for example. This is especially useful to avoid creating lock
files to NFS or other remote filesystems. For example:
mail_location=sdbox:~/sdbox:VOLATILEDIR=/tmp/volatile/%2.256Nu/%u
+ mail_location's LISTINDEX=<path> can now contain a full path.
This allows storing mailbox list index to a different storage
than the rest of the indexes, for example to tmpfs.
+ mail_location can now include NO-NOSELECT parameter. This
automatically deletes any \NoSelect mailboxes that have no children.
These mailboxes are sometimes confusing to users.
+ mail_location can now include BROKENCHAR=<char> parameter. This can
be useful with imapc to access mailbox names that aren't valid mUTF-7
charset from remote servers.
+ If mailbox_list_index_very_dirty_syncs=yes, the list index is no
longer refreshed against filesystem when listing mailboxes. This
allows the mailbox listing to be done entirely by only reading the
mailbox list index.
+ Added mailbox_list_index_include_inbox setting to control whether
INBOX's STATUS information should be cached in the mailbox list
index. The default is "no", but it may be useful to change it to
"yes", especially if LISTINDEX points to tmpfs.
+ userdb can return chdir=<path>, which override mail_home for the
chdir location. This can be useful to avoid accessing home directory
on login.
+ userdb can return postlogin=<socket> to specify per-user imap/pop3
postlogin socket path.
+ cassandra: Add support for result paging by adding page_size=<n>
parameter to the connect setting.
+ dsync/imapc, pop3-migration plugin: Strip also trailing tabs from
headers when matching mails. This helps with migrations from Zimbra.
+ imap_logout_format supports now %{appended} and %{autoexpunged}
+ virtual plugin: Optimize IDLE to use mailbox list index for finding
out when something has changed.
+ Added apparmor plugin. See https://wiki2.dovecot.org/Plugins/Apparmor
- virtual plugin: A lot of fixes. In many cases it was also working
very inefficiently or even incorrectly.
- imap: NOTIFY parameter parsing was incorrectly "fixed" in v2.2.31.
It was actually (mostly) working in previous versions, but broken
in v2.2.31.
- Modseq tracking didn't always work correctly. This could have caused
imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to
not work perfectly.
- mdbox: "Inconsistency in map index" wasn't fixed automatically
- dict-ldap: %variable values used in the LDAP filter weren't escaped.
- quota=count: quota_warning = -storage=.. was never executed (try #2).
v2.2.31 fixed it for -messages, but not for -storage.
- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent
FETCHes, but weren't.
- quota-status service didn't support recipient_delimiter
- acl: Don't access dovecot-acl-list files with acl_globals_only=yes
- mail_location: If INDEX dir is set, mailbox deletion deletes its
childrens' indexes. For example if "box" is deleted, "box/child"
index directory was deleted as well (but mails were preserved).
- director: v2.2.31 caused rapid reconnection loops to directors
that were down.
2017-04-30 multimedia/avbin: Unfetchable for more than six months (google code has gone away)
games/gondola: Depends on expired multimedia/avbin
2017-04-30 sysutils/flyback: Unfetchable for more than six months (google code has gone away)
2017-06-30 multimedia/py-ffmpeg: Depreciated upstream in favour of ffpyplayer
2017-07-31 mail/dovecot: Deprecated by upstream years ago. Use mail/dovecot2 instead
While there replace USE_SQLITE=x by USES=sqlite:x.
PR: 208971
Submitted by: mat
Exp-run by: antoine
With hat: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D5951
- ports that set USE_SQLITE with the *_USE option helper
- ports that depend on libsqlite3 indirectly as reported by pkg rquery
Approved by: portmgr (implicit)
- Attempt to limit portscout to version 1.2
- Fix rc script for one* commands [1]
Not bumping PORTREVISION as the installed version doesn't change, should
not affect dependent ports.
PR: 177497 [1]
Submitted by: nick@3wh.net [1]
Remove gssapi patch that is no longer needed. [2]
These both apply to mail/dovecot2 also. I will be working with the
maintainer there to get these committed.
PR: ports/167824 [1]
ports/
Submitted by: Dmitry Afanasiev <KOT@MATPOCKuH.Ru> [1]
Leon Messner <l.messner@physik.tu-berlin.de> [2]
Approved by: maintainer timeout
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().
In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
