[Dovecot] 1.0.beta2 released
I had originally thought that I'd do a complete audit of the Dovecot's sources this weekend, but looks like I didn't. Hopefully I've been writing good enough code that the "1000 EUR for security hole" offer lasts for a long time. :)
This release should fix the SSL parameter regeneration problem. There were two changes that were needed to fix it, but I had forgotten the other one.
v1.0.beta2 2006-01-22 Timo Sirainen tss@iki.fi
+ Added SQLite support. Patch by Jakob Hirsch.
+ Added auth_debug_passwords setting. If it's not enabled, hide all
password strings from logs.
+ Added mail_cache_min_mail_count and mbox_min_index_size settings
which can be used to make Dovecot do less disk writes in small
mailboxes where they don't benefit that much.
+ Added --build-ssl-parameters parameter to dovecot binary
- SSL parameters were being regenerated every 10 minutes, although
not with all systems.
- Fixed dovecot-auth crashing at startup. Happened only with some
specific compilers.
- base_dir was supposed to be set world-readable, not world-writable
i386
http://fedora.ivazquez.net/yum/4/i386/RPMS.alternatives/dovecot-1.0-0.iva.3....
http://fedora.ivazquez.net/yum/4/i386/SRPMS.alternatives/dovecot-1.0-0.iva.3...
ppc
http://fedora.ivazquez.net/yum/4/ppc/RPMS.alternatives/dovecot-1.0-0.iva.3.b...
http://fedora.ivazquez.net/yum/4/ppc/SRPMS.alternatives/dovecot-1.0-0.iva.3....
x86_64
http://fedora.ivazquez.net/yum/4/x86_64/RPMS.alternatives/dovecot-1.0-0.iva....
http://fedora.ivazquez.net/yum/4/x86_64/SRPMS.alternatives/dovecot-1.0-0.iva...
-- Ignacio Vazquez-Abrams ivazquez@ivazquez.net http://fedora.ivazquez.net/
gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
Ignacio Vazquez-Abrams wrote:
i386
http://fedora.ivazquez.net/yum/4/i386/RPMS.alternatives/dovecot-1.0-0.iva.3....
http://fedora.ivazquez.net/yum/4/i386/SRPMS.alternatives/dovecot-1.0-0.iva.3...
ppc
http://fedora.ivazquez.net/yum/4/ppc/RPMS.alternatives/dovecot-1.0-0.iva.3.b...
http://fedora.ivazquez.net/yum/4/ppc/SRPMS.alternatives/dovecot-1.0-0.iva.3....
x86_64
http://fedora.ivazquez.net/yum/4/x86_64/RPMS.alternatives/dovecot-1.0-0.iva....
http://fedora.ivazquez.net/yum/4/x86_64/SRPMS.alternatives/dovecot-1.0-0.iva...
I can not download any of these packages, Apache says "Not found" for each of them.
Sergey
On Wed, 2006-01-25 at 13:27 -0500, Sergey Ivanov wrote:
Ignacio Vazquez-Abrams wrote:
I can not download any of these packages, Apache says "Not found" for each of them.
That hostname is currently having issues. I'll let you know when it's back up.
-- Ignacio Vazquez-Abrams ivazquez@ivazquez.net http://fedora.ivazquez.net/
gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
On Wed, 2006-01-25 at 13:45 -0500, Ignacio Vazquez-Abrams wrote:
On Wed, 2006-01-25 at 13:27 -0500, Sergey Ivanov wrote:
Ignacio Vazquez-Abrams wrote:
I can not download any of these packages, Apache says "Not found" for each of them.
That hostname is currently having issues. I'll let you know when it's back up.
Okay, you can get them now.
-- Ignacio Vazquez-Abrams ivazquez@ivazquez.net http://fedora.ivazquez.net/
gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
Timo Sirainen wrote:
I had originally thought that I'd do a complete audit of the Dovecot's sources this weekend, but looks like I didn't. Hopefully I've been writing good enough code that the "1000 EUR for security hole" offer lasts for a long time. :)
This release should fix the SSL parameter regeneration problem. There were two changes that were needed to fix it, but I had forgotten the other one.
v1.0.beta2 2006-01-22 Timo Sirainen tss@iki.fi
- Added SQLite support. Patch by Jakob Hirsch.
- Added auth_debug_passwords setting. If it's not enabled, hide all password strings from logs.
- Added mail_cache_min_mail_count and mbox_min_index_size settings which can be used to make Dovecot do less disk writes in small mailboxes where they don't benefit that much.
- Added --build-ssl-parameters parameter to dovecot binary
- SSL parameters were being regenerated every 10 minutes, although not with all systems.
- Fixed dovecot-auth crashing at startup. Happened only with some specific compilers.
- base_dir was supposed to be set world-readable, not world-writable
Hi, I have attached patch that should fix all kqueue issues (I hope). It is smaller than it looks because I also reindented both kqueue files with tabs as is the rest of the source.
The ioloop.c hunk is necessary for me to be able to io_remove() handle in io_loop_notify_handler_deinit() that I have added in io_loop_notify_handler_init(). Without it io_loop_destroy() will remove the io record behind my back which crashes the program.
The other attached patch is what I used for easier debugging. I think it could help somebody else too.
Vaclav Haisman
On Mon, Jan 23, 2006 at 06:50:14PM +0100, Vaclav Haisman wrote:
Timo Sirainen wrote:
I had originally thought that I'd do a complete audit of the Dovecot's sources this weekend, but looks like I didn't. Hopefully I've been writing good enough code that the "1000 EUR for security hole" offer lasts for a long time. :)
This release should fix the SSL parameter regeneration problem. There were two changes that were needed to fix it, but I had forgotten the other one.
v1.0.beta2 2006-01-22 Timo Sirainen tss@iki.fi
- Added SQLite support. Patch by Jakob Hirsch.
- Added auth_debug_passwords setting. If it's not enabled, hide all password strings from logs.
- Added mail_cache_min_mail_count and mbox_min_index_size settings which can be used to make Dovecot do less disk writes in small mailboxes where they don't benefit that much.
- Added --build-ssl-parameters parameter to dovecot binary
- SSL parameters were being regenerated every 10 minutes, although not with all systems.
- Fixed dovecot-auth crashing at startup. Happened only with some specific compilers.
- base_dir was supposed to be set world-readable, not world-writable
Hi, I have attached patch that should fix all kqueue issues (I hope). It is smaller than it looks because I also reindented both kqueue files with tabs as is the rest of the source.
The ioloop.c hunk is necessary for me to be able to io_remove() handle in io_loop_notify_handler_deinit() that I have added in io_loop_notify_handler_init(). Without it io_loop_destroy() will remove the io record behind my back which crashes the program.
The other attached patch is what I used for easier debugging. I think it could help somebody else too.
This kqueue diff resolves a number of issues reported to me about Dovecot 1.0.beta1 plus the previous kqueue diff.
On Mon, 2006-01-23 at 18:50 +0100, Vaclav Haisman wrote:
I have attached patch that should fix all kqueue issues (I hope). It is smaller than it looks because I also reindented both kqueue files with tabs as is the rest of the source.
    if ((fds[fd].mode & (IO_READ | IO_ERROR)) == 0 && (fcntl(io->fd, F_GETFD, 0) != -1 || errno != EBADF))
        if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1) {
Can't this be fixed some other way so that those EBADFs don't happen? If not, is it guaranteed that it gives EBADF, and not accidentally succeed because some other fd was just opened with same number as io->fd?
Also can't the above just as well be written as:
    if ((fds[fd].mode & (IO_READ | IO_ERROR)) == 0)
        if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1 && errno != EBADF) {
The other attached patch is what I used for easier debugging. I think it could help somebody else too.
I've tried to keep the error messages as unique as needed so that file names and numbers wouldn't be needed :) But I'll add it to http://dovecot.org/patches/ in case it's needed some day by someone.
On Sun, 2006-01-29 at 12:16 +0200, Timo Sirainen wrote:
On Mon, 2006-01-23 at 18:50 +0100, Vaclav Haisman wrote:
I have attached patch that should fix all kqueue issues (I hope). It is smaller than it looks because I also reindented both kqueue files with tabs as is the rest of the source.
    if ((fds[fd].mode & (IO_READ | IO_ERROR)) == 0 && (fcntl(io->fd, F_GETFD, 0) != -1 || errno != EBADF))
        if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1) {
Can't this be fixed some other way so that those EBADFs don't happen? If not, is it guaranteed that it gives EBADF, and not accidentally succeed because some other fd was just opened with same number as io->fd?
I committed this now without these EBADF checks and removed some other things that seemed to be there only for debugging and slowing down normal use.
Until I'm sure the EBADF checks are right, I think it's better to show errors caused by them than potentially cause random hidden problems.
Timo Sirainen wrote:
On Mon, 2006-01-23 at 18:50 +0100, Vaclav Haisman wrote:
I have attached patch that should fix all kqueue issues (I hope). It is smaller than it looks because I also reindented both kqueue files with tabs as is the rest of the source.
    if ((fds[fd].mode & (IO_READ | IO_ERROR)) == 0 && (fcntl(io->fd, F_GETFD, 0) != -1 || errno != EBADF))
        if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1) {
Can't this be fixed some other way so that those EBADFs don't happen? If not, is it guaranteed that it gives EBADF, and not accidentally succeed because some other fd was just opened with same number as io->fd?
Also can't the above just as well be written as:
    if ((fds[fd].mode & (IO_READ | IO_ERROR)) == 0)
        if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1 && errno != EBADF) {
The nature of kqueue is that it automatically removes/unregisters all filters associated with handle if the handle is closed and thus if the user of the ioloop code tries to remove the handle after it has been already closed then he gets EBADF.
I think the way you wrote it actually looks better.
The other attached patch is what I used for easier debugging. I think it could help somebody else too.
I've tried to keep the error messages as unique as needed so that file names and numbers wouldn't be needed :) But I'll add it to http://dovecot.org/patches/ in case it's needed some day by someone.
Vaclav Haisman
On Sun, 2006-01-29 at 12:47 +0100, Václav Haisman wrote:
    if ((fds[fd].mode & (IO_READ | IO_ERROR)) == 0)
        if (kevent(ctx->kq, &ev, 1, NULL, 0, NULL) == -1 && errno != EBADF) {
The nature of kqueue is that it automatically removes/unregisters all filters associated with handle if the handle is closed and thus if the user of the ioloop code tries to remove the handle after it has been already closed then he gets EBADF.
In that case I think it'd be better to make sure io_remove() is always called before the file descriptor is closed. That way the real EBADF errors are caught, if there ever happened to be those for some reason. I'll start moving those io_remove()s..
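The descriptor-number reuse concern raised in this exchange, as an added example that is not part of any message in the thread and is not Dovecot code: it shows the fcntl(F_GETFD) probe reporting EBADF right after close(), then reporting "open" once an unrelated pipe() has taken over the same number, plus a guard that enforces the remove-before-close ordering. It uses plain POSIX calls rather than kqueue, and the names probe_stale_fd, io_register, io_unregister and checked_close are hypothetical.

```c
/* Added illustration; helper names are hypothetical, not Dovecot code. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

static unsigned char registered[256]; /* 1 = still known to the ioloop */

/* Liveness probe from the quoted condition: 0 only when fcntl() gives EBADF. */
static int fd_looks_open(int fd)
{
	return fcntl(fd, F_GETFD, 0) != -1 || errno != EBADF;
}

/* Probe with or without an unrelated pipe() opened after the close().
   POSIX hands out the lowest free numbers, so the new pipe takes over
   the stale number and the probe then reports it as open. */
int probe_stale_fd(int reopen)
{
	int p[2], q[2] = { -1, -1 };
	if (pipe(p) == -1) return -1;
	close(p[0]); close(p[1]);
	if (reopen && pipe(q) == -1) return -1;
	int looks_open = fd_looks_open(p[0]);
	if (reopen) { close(q[0]); close(q[1]); }
	return looks_open;
}

/* Ordering guard: refuse to close a descriptor that is still registered. */
void io_register(int fd)   { if (fd >= 0 && fd < 256) registered[fd] = 1; }
void io_unregister(int fd) { if (fd >= 0 && fd < 256) registered[fd] = 0; }
int checked_close(int fd)
{
	if (fd >= 0 && fd < 256 && registered[fd]) { errno = EBUSY; return -1; }
	return close(fd);
}

/* 1 when close-before-remove is rejected and remove-then-close succeeds. */
int ordering_enforced(void)
{
	int p[2];
	if (pipe(p) == -1) return -1;
	io_register(p[0]);
	int early = checked_close(p[0]);
	io_unregister(p[0]);
	int late = checked_close(p[0]);
	close(p[1]);
	return early == -1 && late == 0;
}

int main(void) { return !(probe_stale_fd(0) == 0 && probe_stale_fd(1) == 1 && ordering_enforced() == 1); }
```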
Timo Sirainen tss@iki.fi writes:
v1.0.beta2 2006-01-22 Timo Sirainen tss@iki.fi
- Added SQLite support. Patch by Jakob Hirsch.
I've listed Dovecot at http://www.sqlite.org/cvstrac/wiki?p=SqliteUsers
I've also updated the Dovecot RPMs for SUSE 10.0 i586 (still no separate x86_64 RPMs - use the i586 RPMs instead) to beta2 and added sqlite support (note that the current build links everything into the "auth" program even if unneeded - perhaps the SQL backends should be implemented as standalone plugins so they can split across various packages, to cut down dependencies in packages).
http://mandree.home.pages.de/suse-10.0-i586/ http://mandree.home.pages.de/suse-10.0-src/
Marcus Rückert's directory still doesn't appear to have updated RPMs, so I thought I'd do it again :-)
-- Matthias Andree
Matthias Andree wrote:
- Added SQLite support. Patch by Jakob Hirsch. I've listed Dovecot at http://www.sqlite.org/cvstrac/wiki?p=SqliteUsers
Ah, nice, thanks. I knew SQLite must have something like that.
support (note that the current build links everything into the "auth" program even if unneeded - perhaps the SQL backends should be implemented as standalone plugins so they can split across various packages, to cut down dependencies in packages).
That's what I thought afterwards... but I don't know much about dovecot plugins. Looking at the code, I think we'd need an authentication hook, but there is none. Maybe Timo could say something about this.
On Wed, 2006-01-25 at 12:16 +0100, Jakob Hirsch wrote:
support (note that the current build links everything into the "auth" program even if unneeded - perhaps the SQL backends should be implemented as standalone plugins so they can split across various packages, to cut down dependencies in packages).
That's what I thought afterwards... but I don't know much about dovecot plugins. Looking at the code, I think we'd need an authentication hook, but there is none. Maybe Timo could say something about this.
Done in CVS. --without-sql-drivers to configure and then INSTALL file tells how to compile the modules.
On 2006-01-27 00:03:15 +0200, Timo Sirainen wrote:
On Wed, 2006-01-25 at 12:16 +0100, Jakob Hirsch wrote:
support (note that the current build links everything into the "auth" program even if unneeded - perhaps the SQL backends should be implemented as standalone plugins so they can split across various packages, to cut down dependencies in packages).
That's what I thought afterwards... but I don't know much about dovecot plugins. Looking at the code, I think we'd need an authentication hook, but there is none. Maybe Timo could say something about this.
Done in CVS. --without-sql-drivers to configure and then INSTALL file tells how to compile the modules.
can you do the same for dovecot-lda?
darix
On 2006-01-27 00:03:15 +0200, Timo Sirainen wrote:
On Wed, 2006-01-25 at 12:16 +0100, Jakob Hirsch wrote:
support (note that the current build links everything into the "auth" program even if unneeded - perhaps the SQL backends should be implemented as standalone plugins so they can split across various packages, to cut down dependencies in packages).
That's what I thought afterwards... but I don't know much about dovecot plugins. Looking at the code, I think we'd need an authentication hook, but there is none. Maybe Timo could say something about this.
Done in CVS. --without-sql-drivers to configure and then INSTALL file tells how to compile the modules.
can you do the same for the ldap part?
darix
On 27.1.2006 00:17, "Marcus Rueckert" rueckert@informatik.uni-rostock.de wrote:
On 2006-01-27 00:03:15 +0200, Timo Sirainen wrote:
On Wed, 2006-01-25 at 12:16 +0100, Jakob Hirsch wrote:
support (note that the current build links everything into the "auth" program even if unneeded - perhaps the SQL backends should be implemented as standalone plugins so they can split across various packages, to cut down dependencies in packages).
That's what I thought afterwards... but I don't know much about dovecot plugins. Looking at the code, I think we'd need an authentication hook, but there is none. Maybe Timo could say something about this.
Done in CVS. --without-sql-drivers to configure and then INSTALL file tells how to compile the modules.
can you do the same for the ldap part?
It has always worked for LDAP. See INSTALL file.
participants (10)
- Brad
- Ignacio Vazquez-Abrams
- Jakob Hirsch
- Marcus Rueckert
- Matthias Andree
- Sebastjan Trepca
- Sergey Ivanov
- Timo Sirainen
- Vaclav Haisman
- Václav Haisman