Probably one more RC after this.
* Security fix: If zlib plugin was loaded, it was possible to open
gzipped mbox files outside the user's mail directory.
+ Added auth_gssapi_hostname setting.
- IMAP: LIST "" "" didn't return anything if there didn't exist a
namespace with empty prefix. This broke some clients.
- If Dovecot is started when it's already running, don't
delete existing auth sockets and break the running Dovecot.
- If deliver failed too early it still returned exit code 89 instead
- deliver: Falling back to INBOX with -n parameter wasn't working.
- passdb passwd and shadow couldn't be used as master or deny databases
- IDLE: inotify didn't notice changes in mbox file
- If index file directory couldn't be created, disable indexes instead
of failing to open the mailbox.
- Several other minor fixes
zlib plugin allows opening gzipped mboxes as read-only mailboxes.
However, when using it the mailbox name checks are bypassed, so it's
possible to open for example "../otheruser/somefile.gz". Only valid
gzipped mbox files can be opened, and only if their name ends with
You can fix this by upgrading to v1.0.rc29 (available soon) or with this
I don't think this matters much though. zlib plugin is rarely used, and
those who do use it are probably using Dovecot with system users
(per-user UIDs), so the imap process wouldn't have access to other
users' mbox files anyway.
I found this problem when I was cleaning up the code in CVS HEAD.
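
The mailbox name check that the advisory above says was bypassed, sketched as an added C example (not Dovecot's code, and not the actual fix). The function names, the ".gz" suffix test and the /var/mail/alice root are assumptions made for illustration; the point is that the name is validated before any handler, compressed or not, is chosen.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { OPEN_REJECTED, OPEN_PLAIN, OPEN_GZIP } open_kind;

/* Hypothetical check, not Dovecot's code: true only if every "/"-separated
 * component of the client-supplied name keeps the path under the mail root. */
bool mailbox_name_is_safe(const char *name)
{
    const char *p = name;

    if (*p == '\0' || *p == '/' || *p == '~')
        return false;                 /* empty, absolute or home-relative */
    while (*p != '\0') {
        size_t len = strcspn(p, "/");

        if (len == 0 || (len == 1 && p[0] == '.') ||
            (len == 2 && p[0] == '.' && p[1] == '.'))
            return false;             /* "//", "." or ".." component */
        p += len;
        if (*p == '/' && *++p == '\0')
            return false;             /* trailing "/" */
    }
    return true;
}

/* Validate before choosing a handler, so the compressed-file branch cannot
 * be reached with an unchecked name. ".gz" is this example's assumed suffix. */
open_kind resolve_mailbox(const char *root, const char *name,
                          char *path, size_t size)
{
    size_t n = strlen(name);
    int w;

    if (!mailbox_name_is_safe(name))
        return OPEN_REJECTED;
    w = snprintf(path, size, "%s/%s", root, name);
    if (w < 0 || (size_t)w >= size)
        return OPEN_REJECTED;         /* path would be truncated */
    return (n > 3 && strcmp(name + n - 3, ".gz") == 0) ? OPEN_GZIP : OPEN_PLAIN;
}

int main(void)
{
    char path[256];
    /* Constructed sample names; the first is the one quoted above. */
    const char *names[] = { "../otheruser/somefile.gz", "archive/2006.gz", "INBOX" };

    for (size_t i = 0; i < 3; i++)
        printf("%-26s -> %d\n", names[i],
               resolve_mailbox("/var/mail/alice", names[i], path, sizeof(path)));
    return 0;
}
```
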
Still a few more fixes. My coding TODO list is again empty. Unless
something special happens in the next few weeks, I'll still make rc29
with the documentation included and v1.0 will be released April 13.
* deliver + userdb static: Verify the user's existence from passdb,
* dovecot --exec-mail: Log to configured log files instead of stderr
* Added "-example" part to doc/dovecot-sql-example.conf and
doc/dovecot-ldap-example.conf. They are now also installed to
$sysconfdir with "make install".
+ When copying/syncing a lot of mails, send "* OK Hang in there"
replies to client every 15 seconds so it doesn't just timeout the
+ Added idxview and logview utilities to examine Dovecot's index files
+ passdb passwd and shadow support blocking=yes setting now also
+ mbox: If mbox file changes unexpectedly while we're writing to it,
log an error.
+ deliver: Ignore -m "" parameter to make calling it easier.
+ deliver: Added new -n parameter to disable autocreating mailboxes.
It affects both -m parameter and Sieve plugin's fileinto action
- mbox: Using ~/ in the mail root directory caused a ~ directory to be
created (instead of expanding it to home directory)
- auth cache: If unknown user was found from cache, we didn't properly
return "unknown user" status, which could have caused problems in
- mbox: Fixed "UID inserted in the middle of mailbox" in some
conditions with broken X-UID headers
- Index view syncing fixes
- rc27 didn't compile with some non-GCC compilers
- vpopmail support didn't compile in rc27
- NFS check with chrooting broke home directory for the first login
- deliver: If user lookup returned "unknown user", it logged
"BUG: Unexpected input"
- convert plugin didn't convert INBOX
A few new small features and lots of index/mbox fixes. I've been heavily
stress testing this release, so I think it should be about perfect. :)
I think the only thing still missing from v1.0 is documentation. There
are some unwritten pages in the wiki, and I still haven't bothered to
write the wiki -> doc/*.txt conversion script. The script will probably
be pretty easy, but writing the docs can take a while.
+ mbox and index file code silently handles out-of-quota/disk
space errors (maildir still has problems). They will give the user
a "Not enough disk space" error instead of flooding the log file.
+ Added fsync_disable setting.
+ mail-log plugin: Log the mailbox name, except if it's INBOX
+ dovecot-auth: Added a lot more debug logging to passdbs and userdbs
+ dovecot-auth: Added %c variable which expands to "secured" with
+ dovecot-auth: Added %m variable which expands to auth mechanism name
- maildir++ quota: With ignore=box setting the quota was still updated
for the mailbox even though it was allowed to go over quota (but
quota recalculation ignored the box).
- Index file handling fixes
- mbox syncing fixes
- Wrong endianness index files still weren't silently rebuilt
- IMAP quota plugin: GETQUOTAROOT returned the mailbox name wrong if the
namespace had a prefix or if its separator was non-default
- IMAP: If client was appending multiple messages with MULTIAPPEND
and LITERAL+ extensions and one of the appends failed, Dovecot
treated the rest of the mail data as IMAP commands.
- If mail was sent to client with sendfile() call, we could have
hung the connection. This could happen only if mails were saved
with CR+LF linefeeds.
Most importantly this should fix mbox problems in recent RCs.
* Changed --with-headers to --enable-header-install
* If time moves backwards only max. 5 seconds, sleep until we're back
in the original present instead of killing ourselves. An error is
- IMAP: With namespace prefixes LSUB prefix.* listed INBOX.INBOX.
- deliver: Ignore mbox metadata headers from the message input.
X-IMAP header crashed deliver.
- deliver: If mail_debug=yes, drop out DEBUG environment before
calling sendmail binary. Postfix's sendmail didn't really like it.
- mbox: X-UID brokenness fixes broke rc25 even with valid X-UID headers.
Now the code should finally work right.
- Maildir: When syncing a huge maildir, touch dovecot-uidlist.lock file
once in a while to make sure it doesn't get overwritten by another
- Maildir++ quota: We didn't handle NUL bytes in maildirsize files very
well. Now the file is rebuilt when they're seen (NFS problem).
- Index/view handling fix should fix some crashes/errors
- If index files were moved to a different endianness machine, Dovecot
logged all sorts of errors instead of silently rebuilding them.
- Convert plugin didn't change hierarchy separators in mailbox names.
- PostgreSQL authentication could have lost requests once in a while
with a heavily loaded server.
- Login processes could have crashed in some situations
- auth cache crashed with non-plaintext mechanisms
Instead of having a "Should v1.0 be released already" discussion, how
about having a "What's still missing from wiki.dovecot.org and how could
it be improved" discussion? And what should the wiki exported to doc/
directory in the tarball look like?
* If time moves backwards, Dovecot kills itself instead of giving
+ Added --with-headers configure option to install .h files.
Binary package builders could use this to create some dovecot-dev
package to make compiling plugins easier.
- PLAIN authentication: Don't crash dovecot-auth with invalid input.
- IMAP APPEND: Don't crash if saving fails
- IMAP LIST: If prefix.INBOX has children and we're listing under
prefix.%, don't drop the prefix.
- mbox: Broken X-UID headers still weren't handled correctly.
- mail-log plugin: Fixed deleted/undeleted logging.