PaulHowarth/Blog/2019-12-06

Friday 6th December 2019

Local Packages

  • Updated dovecot:

    • Updated dovecot to 2.3.9:

      • Changed several event field names for consistency and to avoid conflicts in parent-child event relationships:
        • SMTP server command events: Renamed "name" to "cmd_name"

        • Events inheriting from a mailbox: Renamed "name" to "mailbox"

        • Server connection events have only "remote_ip", "remote_port", "local_ip" and "local_port"

        • Removed duplicate "client_ip", "ip" and "port"

        • Mail storage events: Removed "service" field; use "service:<name>" category instead

        • HTTP client connection events: Renamed "host" to "dest_host" and "port" to "dest_port"

      • auth: Drop Postfix socketmap support: it hasn't been working with recent Postfix versions for a while now

      • push-notification-lua: The "subject" field is now decoded to UTF8 instead of kept as MIME-encoded

      • push-notification-lua: Added new "from_address", "from_display_name", "to_address" and "to_display_name" fields; the display names are decoded to UTF8

      • Added various new fields to existing events; see http://doc.dovecot.net/admin_manual/list_of_events.html

      • Add lmtp_add_received_header setting; it can be used to prevent LMTP from adding "Received:" headers

      • doveadm: Support SSL/STARTTLS for proxied doveadm connections based on doveadm_ssl setting and proxy ssl/tls settings

      • Log filters now support "service:<name>", which matches all events for the given service; it can also be used as a category

      • lib: Use libunwind to get abort backtraces with function names where available

      • lmtp: When the LMTP proxy changes the username (from passdb lookup), add an appropriate ORCPT parameter

      • lmtp: Add lmtp_client_workarounds setting to implement workarounds for clients that send MAIL and RCPT commands with additional spaces before the path and for clients that omit <> brackets around the path; see example-config/conf.d/20-lmtp.conf

      • lda/lmtp: Invalid MAIL FROM addresses were rejected too aggressively; now mails from addresses with Unicode characters are delivered, but their Return-Path header will be <> instead of the given MAIL FROM address

      • lmtp: The lmtp_hdr_delivery_address setting is ignored

      • imap: imap_command_finished event's "args" and "human_args" parameters were always empty

      • mbox: Seeking in zlib and bzip2 compressed input streams didn't work correctly

      • imap-hibernate: Process crashed when a client was destroyed while an attempt was being made to unhibernate it and the unhibernation failed

      • *-login: Proxying may have crashed if SSL handshake to the backend failed immediately; this was unlikely to happen in normal operation

      • *-login: If TLS handshake to upstream server failed during proxying, login process could crash due to invalid memory access

      • *-login: v2.3 regression: Using SASL authentication without initial response may have caused SSL connections to hang; this happened often at least with PHP's IMAP library

      • *-login: When login processes are flooded with authentication attempts, they start logging errors about "Authentication server sent unknown id"; this is still expected, but it also caused the login process to disconnect from the auth server and potentially log a user's password in the error message

      • dict-sql: SQL prepared statements were not shared between sessions; this resulted in creating a lot of prepared statements, which was especially inefficient when using Cassandra backend with a lot of Cassandra nodes

      • auth: auth_request_finished event didn't have success=yes parameter set for successful authentications

      • auth: userdb dict - Trying to list users crashed

      • submission: Service could be configured to allow anonymous authentication mechanism and anonymous user access

      • LAYOUT=index: Corrupted dovecot.list.index caused folder creation to panic

      • doveadm: HTTP server crashes if request target starts with double "/"

      • dsync: Remote dsync started hanging if the initial doveadm "dsync-server" command was sent in the same TCP packet as the following dsync handshake (v2.3.8 regression)

      • lib: Several "input streams" had a bug that in some rare situations might cause them to access freed memory, which could lead to crashes or corruption; the only currently known effect of this is that using the zlib plugin with external mail attachments (mail_attachment_dir) could cause fetching the mail to return a few bytes of garbage data at the beginning of the header (note that the mail wasn't saved corrupted, but fetching it caused corrupted mail to be sent to the client)

      • lib-storage: If a mail only has quoted content, use the quoted text for generating message snippet (IMAP PREVIEW) instead of returning empty snippet

      • lib-storage: When vsize header was rebuilt, newly calculated message sizes were added to dovecot.index.cache instead of being directly saved into vsize records in dovecot.index

      • lib: JSON generator was escaping UTF-8 characters unnecessarily

    • Updated pigeonhole to 0.5.9:

      • Added events for Sieve and ManageSieve, see https://doc.dovecot.org/admin_manual/list_of_events/#pigeonhole

      • Pigeonhole: Implement the Sieve "special-use" extension described in RFC 8579

      • duplicate: Test only compared the handles, which would cause different values to be cached as the same duplicate test; fix to also compare the actual hashes

      • imap_sieve_filter: IMAP FILTER command had various bugs in error handling; errors may have been duplicated for each email, errors may have been missing entirely, command tag and ERRORS/WARNINGS parameters were swapped

  • Updated schily to 2019.12.05

