https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig
v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/
- old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening /proc/self/io. This may still cause security problems if the process is ptrace()d at the same time. Instead, open it while still running as root.
- doveadm: Added mailbox cache decision&remove commands. See doveadm-mailbox(1) man page for details.
- doveadm: Added rebuild attachments command for rebuilding $HasAttachment or $HasNoAttachment flags for matching mails. See doveadm-rebuild(1) man page for details.
- cassandra: Use fallback_consistency on more types of errors
- lmtp proxy: Support outgoing SSL/TLS connections
- lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
- submission: Add support for rawlog_dir
- submission: Add submission_client_workarounds setting.
- lua auth: Add password_verify() function and additional fields in auth request.
- doveadm-server: TCP connections are hanging when there is a lot of network output. This especially caused hangs in dsync-replication.
- Using multiple type=shared mdbox namespaces crashed
- mail_fsync setting was ignored. It was always set to "optimized".
- lua auth: Fix potential crash at deinit
- SSL/TLS servers may have crashed if client disconnected during handshake.
- SSL/TLS servers: Don't send extraneous certificates to client when alt certs are used.
- lda, lmtp: Return-Path header without '<' may have assert-crashed.
- lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
- lda: -f parameter didn't allow empty/null/domainless address
- lmtp, submission: Message size limit was hardcoded to 40 MB. Exceeding it caused the connection to get dropped during transfer.
- lmtp: Fix potential crash when delivery fails at DATA stage
- lmtp: login_greeting setting was ignored
- Fix to work with OpenSSL v1.0.2f
- systemd unit restrictions were too strict by default
- Fix potential crashes when a lot of log output was produced
- SMTP client may have assert-crashed when sending mail
- IMAP COMPRESS: Send "end of compression" marker when disconnecting.
- cassandra: Fix consistency=quorum to work
- dsync: Lock file generation failed if home directory didn't exist
- Snippet generation for HTML mails didn't ignore &entities inside blockquotes, producing strange looking snippets.
- imapc: Fix assert-crash if getting disconnected and after reconnection all mails in the selected mailbox are gone.
- pop3c: Handle unexpected server disconnections without assert-crash
- fts: Fixes to indexing mails via virtual mailboxes.
- fts: If mails contained NUL characters, the text around it wasn't indexed.
- Obsolete dovecot.index.cache offsets were sometimes used. Trying to fetch a field that was just added to cache file may not have always found it.
On 2018-06-29 14:51, Timo Sirainen wrote:
A simple "yum update" will result in a ton of these errors:
Jun 29 15:02:19 stats: Error: stats: Socket supports major version 2, but we support only 3 (mixed old and new binaries?)
Should the yum update process perhaps not restart the dovecot service?
Tom
On 2018-06-29 16:00, Timo Sirainen wrote:
service stats { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = stats extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener stats-reader { group = mode = 0600 user = } unix_listener stats-writer { group = $default_internal_group mode = 0660 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B }
This is the full error-log that happened after "yum update": https://pastebin.com/tUJaehdV
"Jun 29 15:02:20" is the "/etc/init.d/dovecot restart"
Maybe it was a one-time thing for only my setup, I don't know - Although I find it hard to understand how a stat-writer socket with an old version should be able to run in 2.3.1 with major version 2 for several months - and the same thing happened on all of my 22 director-backend-servers.
Oh well.
Binary packages are already in https://repo.dovecot.org/ <https://repo.dovecot.org/>
Is there any plan to add bionic version to the ubuntu repo ?
On 29.06.2018 15:51, Timo Sirainen wrote:
Has something been changed in the CentOS package, especially with SELinux? I just updated from 2.3.1 and now I'm having to add SELinux rules for Dovecot to be able to read files in /etc. I've an sqlite user database in /etc/mail and sieve scripts in /etc/dovecot/sieve, neither are accessible anymore without adding extra SELinux rules.
Thanks, Reio
On 30.06.2018 10:55, Reio Remma wrote:
# This one is now needed to use the sqlite database in /etc/mail #
module selinux-dovecot-etc 1.0;
require {
type dovecot_auth_t;
type etc_mail_t;
class dir search;
class file { getattr lock open read write };
}
#============= dovecot_auth_t ==============
allow dovecot_auth_t etc_mail_t:dir search;
allow dovecot_auth_t etc_mail_t:file { getattr lock open read write };
# This module is needed for Dovecot to be able to execute sieve scripts in /etc/dovecot/sieve #
module selinux-dovecot-etc-execute 1.0;
require {
type dovecot_etc_t;
type dovecot_t;
class file { execute execute_no_trans };
}
#============= dovecot_t ==============
allow dovecot_t dovecot_etc_t:file { execute execute_no_trans };
# This module is needed for my spamc scripts to access what it needs #
module selinux-dovecot-sieve-execute 1.0;
require {
type var_log_t;
type dovecot_t;
type spamc_exec_t;
type tmpfs_t;
class lnk_file read;
class file { execute execute_no_trans getattr open read };
}
#============= dovecot_t ==============
allow dovecot_t spamc_exec_t:file { execute execute_no_trans getattr open read };
allow dovecot_t tmpfs_t:lnk_file read;
allow dovecot_t var_log_t:file open;
None of these modules were needed before upgrade from 2.3.1 on my Centos 7.5 system.
Good luck, Reio
v2.3.2 is mainly a bugfix release.
Please push a tag into the git repository.
Thanks, Heiko
Heiko Schlichting Freie Universität Berlin heiko.schlichting@fu-berlin.de Zentraleinrichtung für Datenverarbeitung Telefon +49 30 838-54327 Fabeckstraße 32 Telefax +49 30 838454327 14195 Berlin
On 04/07/2018 9:44, Heiko Schlichting wrote:
v2.3.2 is mainly a bugfix release.
Please push a tag into the git repository.
Yes, thanks for doing it, and I will be gratefull also, if the dovecot master-2.3 and pigeonhole master-0.5 branchs would include the commits of the last dovecot and pigeonhole releases.
Thanks Juan C.
-- +-------------------------------------------------------------------+ | Juan C. Blanco | | | | Centro de Calculo | | | E.T.S. Ingenieros Informáticos | E-mail: jcblanco@fi.upm.es | | Universidad Politécnica de Madrid | | | Campus de Montegancedo | | | Boadilla del Monte | Tel.: (+34) 91 067 2771 | | 28660 MADRID (Spain) | Fax : (+34) 91 336 7412 | +-------------------------------------------------------------------+
participants (8)
-
Aki Tuomi
-
Heiko Schlichting
-
Jean-Daniel
-
Juan C. Blanco
-
Michael Grimm
-
Reio Remma
-
Timo Sirainen
-
Tom Sommer