Howdy y'all,
I noticed something odd with the userdb/passdb processing past the 2.4.2 CVE fix, etc. -- namely that the prefixing you previously needed to do to userdb returns, etc. when you set a cache_key is no longer necessary and in fact harmful.
It is worth mentioning, as after looking into this a bit and realizing that it "should have been obvious" to me that this would have been the case. That said I didn't make the logical leap till doveadm screamed at me about it during mailbox creation after upgrade (can't very well do doveadm mailbox create -s -u user@domain.test INBOX.spam when your userdb returns ${CACHE_KEY}_mailbox/INBOX/spam/... for the relevant config values, etc.).
TL;DR: disabling the cache = do NOT prefix any userdb/passdb returns in accordance with cache_key you set. This is true for lua passdb/authdb or any other authdb, not just passwd/oauth2.
Cheers,
Thomas "Andy" Baugh | Software Development Engineer IV andy.baugh@webpros.com www.webpros.com
Oh, also, turns out I forgot to bump dovecot_config_version and wound up getting "wrong ABI version" explosions from pigeonhole till I adjusted that to 2.4.2 (yes, I did recompile pigeonhole).
Out of *any* of these new and improved settings, that one absolutely makes my blood boil, as it is not only *useless* (it can't be anything *other* than the dovecot version, otherwise prepare for pain), but required.
If there's any PR I'd like to make on 2.4.x, it'd probably be that -- hardcode dovecot_config_version to equal the program version, as nothing else works anyways.
From: Andy Baugh via dovecot <dovecot@dovecot.org> Sent: Tuesday, November 4, 2025 5:53 PM To: Aki Tuomi via dovecot <dovecot@dovecot.org> Subject: 2.4.2 upgrade oddity
On 06/11/2025 18:25 EET Andy Baugh via dovecot <dovecot@dovecot.org> wrote:
Oh, also, turns out I forgot to bump dovecot_config_version and wound up getting "wrong ABI version" explosions from pigeonhole till I adjusted that to 2.4.2 (yes, I did recompile pigeonhole).
Out of *any* of these new and improved settings, that one absolutely makes my blood boil, as it is not only *useless* (it can't be anything *other* than the dovecot version, otherwise prepare for pain), but required.
If there's any PR I'd like to make on 2.4.x, it'd probably be that -- hardcode dovecot_config_version to equal the program version, as nothing else works anyways.
This makes no sense. dovecot_config_version does not have any relation whatsoever with "wrong ABI version", this is determined in compile/link phase.
Aki