http://dovecot.org/releases/dovecot-1.0.rc15.tar.gzhttp://dovecot.org/releases/dovecot-1.0.rc15.tar.gz.sig
* Fixed an off-by-one buffer overflow in cache file handling. The
code is executed only with mmap_disable=yes and only if index files
are used (ie. INDEX=MEMORY is safe).
* passdb checkpassword: Handle vpopmail's non-standard exit codes.
- rc14 sometimes assert-crashed if .log.2 file existed in a mailbox
(earlier versions leaked memory and file descriptors)
- io_add() assert-crashfixes
- Potential SSL hang fix at the beginning of the connection
Version: 1.0test53 .. 1.0.rc14 (ie. all 1.0alpha, 1.0beta and 1.0rc
versions so far).
0.99.x versions are safe (they don't even have mmap_disable setting).
Problem: When mmap_disable=yes setting is used, dovecot.index.cache file
is read to memory using "file cache" code. It contains a "mapped pages"
bitmask buffer. In some conditions when updating the buffer it allocates
one byte too little.
Exploitability: I think it's going to be pretty difficult to cause
anything else than a crash, but I wouldn't say impossible. Only logged
in IMAP/POP3 users can exploit this.
In theory you might be able to exploit this for other users as well by
sending them a lot of specially crafted emails, but this requires
knowing what dovecot.index.cache file contains. Normally its contents
can't be predicted, although perhaps with POP3 users it gets empty often
enough that the exploit could be tried. Then again, the exploit requires
having at least 4MB cache file, which won't happen with POP3 users
before the mailbox has about 170k mails (if I counted right).
With IMAP the cache file is used more, so it's easier to fill the 4MB
with for example a lot of To-headers.
Workaround: Use INDEX=MEMORY so the cache files aren't used at all.
Fix: 1.0.rc15 fixes this. You can also use this patch:
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
http://dovecot.org/releases/dovecot-1.0.rc14.tar.gzhttp://dovecot.org/releases/dovecot-1.0.rc14.tar.gz.sig
More fixes.
"Duplicate header extension keywords" is the only known problem (or if I
forgot something, remind me). I'll try to figure out a way to reproduce
it easily and then get it fixed.
* LDAP: Don't try to use ldap_bind() with empty passwords, since
Windows 2003 AD skips password checking with them and just returns
success.
* verbose_ssl=yes: Don't bother logging "syscall failed: EOF"
messages. No-one cares about them.
+ Dovecot sources should now compile without any warnings with gcc 3.2+
- rc13 crashed if client disconnected while IDLEing
- LDAP: auth_bind=yes fixes
- %variables: Fixed zero padding handling and documented it. %0.1n
shouldn't enable it, and it really shouldn't stay for the next
%variable. -sign also shouldn't stay for the next variable.
- Don't leak opened .log.2 transaction logs.
- Fixed a potential hang in IDLE command (probably really rare).
- Fixed potential problems with client disconnecting while master was
handling the login.
- quota plugin didn't work in Mac OS X
http://dovecot.org/releases/dovecot-1.0.rc13.tar.gzhttp://dovecot.org/releases/dovecot-1.0.rc13.tar.gz.sig
I'll just keep on making new releases now whenever something important
is fixed. Hopefully there shouldn't be many left anymore.
Most of the bugs fixed in this release were found by stress testing with
my imaptest tool (http://dovecot.org/tools/imaptest.c). If you're
interested in knowing how perfectly your Dovecot setup works (especially
if you're using NFS), you could try the tool yourself also.
I still see one crash with mmap_disable=yes, but it's pretty rare. Will
see if I get it fixed before v1.0, but it's not that important.
+ deliver: If we're executing as a normal system user, get the HOME
environment from passwd if it's not set. This makes it possible to
run deliver from .forward.
- Older compilers caused LDAP authentication to crash
- Dying LDAP connections weren't handled exactly correctly in rc11,
although it seemed to work usually
- Fixed crashes and memory leaks with AUTHENTICATE command
- Fixed crashes and leaks with IMAP/POP3 proxying
- maildir: Changing a mailbox while another process was saving a
message there at the same may have caused the changes to not be made
into the maildir, which could have caused other problems later..
http://dovecot.org/releases/dovecot-1.0.rc12.tar.gzhttp://dovecot.org/releases/dovecot-1.0.rc12.tar.gz.sig
Since rc11 has problems compiling with BSDs, here's a new release. Just
two changes:
- rc11 didn't compile with some compilers
- default_mail_env fallbacking was broken with --exec-mail
Here's also again the rc11 changes:
* Renamed default_mail_env to mail_location. default_mail_env still
works for backwards compatibility.
* deliver: When sending rejects, don't include Content-Type in the
rejected mail's headers.
* LDAP changes:
* If auth binds are used, bind back to the default dn before doing
a search. Otherwise it could fail if a user gave an invalid
password.
* Initial binding at connect is now done asynchronously.
* Use pass_attrs even with auth_bind=yes since it may contain
useful non-password fields.
+ passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP
environments to the checkpassword binary so we're UCSPI (and vchkpw)
compatible.
- mbox handling was a bit broken in rc10
- Using Dovecot via inetd kept crashing dovecot master
- deliver: Don't crash with -f "". Changed the default from envelope
to be "MAILER-DAEMON".
- INBOX wasn't shown with LSUB command if only prefixed namespaces
were used.
- passdb ldap: Reconnecting to LDAP server wasn't working with
auth binds.
- passdb sql: Non-plaintext authentication didn't work
- MySQL passdb ignored all non-password checks, such as allow_nets
- trash plugin was broken
http://dovecot.org/releases/dovecot-1.0.rc11.tar.gzhttp://dovecot.org/releases/dovecot-1.0.rc11.tar.gz.sig
Hopefully the last RC release? As far as I know there are no major
problems left now. If nothing big shows up, v1.0 should be out in a
couple of weeks.
* Renamed default_mail_env to mail_location. default_mail_env still
works for backwards compatibility.
* deliver: When sending rejects, don't include Content-Type in the
rejected mail's headers.
* LDAP changes:
* If auth binds are used, bind back to the default dn before doing
a search. Otherwise it could fail if a user gave an invalid
password.
* Initial binding at connect is now done asynchronously.
* Use pass_attrs even with auth_bind=yes since it may contain
useful non-password fields.
+ passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP
environments to the checkpassword binary so we're UCSPI (and vchkpw)
compatible.
- mbox handling was a bit broken in rc10
- Using Dovecot via inetd kept crashing dovecot master
- deliver: Don't crash with -f "". Changed the default from envelope
to be "MAILER-DAEMON".
- INBOX wasn't shown with LSUB command if only prefixed namespaces
were used.
- passdb ldap: Reconnecting to LDAP server wasn't working with
auth binds.
- passdb sql: Non-plaintext authentication didn't work
- MySQL passdb ignored all non-password checks, such as allow_nets
- trash plugin was broken