PaulHowarth/Blog/2017-05-31

Wednesday 31st May 2017

Local Packages

  • Updated dovecot to 2.2.30:

    • auth: Use timing safe comparisons for everything related to passwords; it's unlikely that these could have been used for practical attacks, especially because Dovecot delays and flushes all failed authentications in 2 second intervals, and it could have worked only when passwords were stored in plaintext in the passdb

    • master process sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately; this way, restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time

    • auth: Add passdb { mechanisms=none } to match separate passdb lookup

    • auth: Add passdb { username_filter } to use passdb only if user matches the filter (see https://wiki2.dovecot.org/PasswordDatabase)

    • dsync: Add dsync_commit_msgs_interval setting, which attempts to commit the transaction after saving this many new messages; because of the way dsync works, it may not always be possible if mails are copied or UIDs need to change

    • imapc: Support imapc_features=search without ESEARCH extension

    • imapc: Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE

    • imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server

    • passdb imap: Add allow_invalid_cert and ssl_ca_file parameters

    • If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file

    • doveadm mailbox status: Add "firstsaved" field

    • director_flush_socket: Add old host's up/down and vhost count as parameters

    • More fixes to automatically fix corruption in dovecot.list.index

    • dsync-server: Fix support for dsync_features=empty-header-workaround

    • imapc: Various bugfixes, including infinite loops on some errors

    • IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC

    • fts-lucene: Fix it to work again with mbox format

    • Some internal error messages may have contained garbage in v2.2.29

    • mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are used, otherwise the copied mails can't be opened

    • vpopmail: Fix compiling

  • Updated perl-Module-Build to 0.4224:

    • Add code to special case dot-in-inc in Build

  • Updated perl-Module-CoreList to 5.20170530:

    • Updated for v5.26.0

Recent