Friday 16th January 2026
Local Packages
Updated dovecot to 2.4.2:
CVE-2025-30189: passdb oauth2 (not oauth2 mechanism), passdb passwd, passdb bsdauth, and userdb passwd drivers would cause users to be cached with same cache key when auth cache was enabled
auth: Remove proxy_always field
- config: Change settings history parsing to use python3
doveadm: Print table formatter - print empty values as "-"
imapc: Propagate remote error codes properly
lda: Default mail_home=$HOME environment if not using userdb lookup
lib-dcrypt: Salt for new version 2 keys has been increased to 16 bytes
lib-dregex: Add libpcre2 based regular expression support to Dovecot; if the library is missing, disable all regular expressions (this adds libpcre2-32 as build dependency)
lib-oauth2: jwt - Allow nbf and iat to point 1 second into future
lib: Replace libicu with our own unicode library; removes libicu as build dependency
login-common: If proxying fails due to remote having invalid SSL cert, don't reconnect
auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp fields, see https://doc.dovecot.org/latest/core/summaries/settings.html#ssl_peer_certificate_fingerprint_hash for more information
config: Add support for $SET:filter/path/setting
config: Improve @group includes to work with overwriting their settings
doveadm kick: Add support for kicking multiple usernames
doveadm mailbox status: Add support for deleted status item
imap, imap-client: Add experimental partial IMAP4rev2 support
imap: Implement support for UTF8=ACCEPT for APPEND
lib-oauth2, oauth2: Add oauth2_token_expire_grace setting
lmtp: lmtp-client - Support command pipelining
login-common: Support local/remote blocks better
master: accept() unix/inet connections before creating child process to handle it; this reduces timeouts when child processes are slow to spawn themselves
SMTPUTF8 was accepted even when it wasn't enabled
auth, *-login: Direct logging with -L parameter was not working
auth: Crash occured when OAUTH token validation failed with oauth2_use_worker_with_mech=yes
auth: Invalid field handling crashes were fixed
auth: ldap - Potential crash could happen at deinit
auth: mech-gssapi - Server sending empty initial response would cause errors
auth: mech-winbind - GSS-SPNEGO mechanism was erroneously marked as not accepting NUL
config: Multiple issues with $SET handling have been fixed
- configure: Building without LDAP didn't work
doveadm: If source user didn't exist, a crash would occur
imap, pop3, submission, imap-urlauth: USER environment usage was broken when running standalone
imap-hibernate: Statistics would get truncated on unhibernation
imap: "SEARCH MIMEPART FILENAME ENDS" command could have accessed memory outside allocated buffer, resulting in a crash
imapc: Fetching partial headers would cause other cached headers to be cached empty, breaking e.g. imap envelope responses when caching to disk
imapc: Shared namespace's INBOX mailbox was not always uppercased
imapc: imapc_features=guid-forced GUID generation was not working correctly
lda: USER environment was not accepted if -d hasn't been specified
lib-http: http-url - Significant path percent encoding through parse and create was not preserved; this is mainly important for Dovecot's lua bindings for lib-http
lib-settings: Crash would occur when using %variables in SET_FILE type settings
lib-storage: Attachment flags were attempted to be added for readonly mailboxes with mail_attachment_flags=add-flags
lib-storage: Root directory for unusable shared namespaces was unnecessarily attempted to be created
- lib: Crash would occur when config was reloaded and logging to syslog
login-common: Crash might have occured when login proxy was destroyed
sqlite: The sqlite_journal_mode=wal setting didn't actually do anything
- Many other bugs have been fixed
Updated pigeonhole to 2.4.2:
lib-sieve: Use new regular expression library in core
managesieve: Add default service_extra_groups=$SET:default_internal_group
lib-sieve: Add support for "extlists" extension
lib-sieve: regex - Allow unicode comparator
lib-sieve-tool: sieve-tool - All sieve_script settings were overridden
lib-sieve: storage: dict: sieve_script_dict filter was missing from settings
sieve-ldap-storage: Fix compile without LDAP
Rebuilt ansible-collection-community-libvirt (2.0.0), bluefish (2.2.19), check (0.15.2), curl (8.18.0), davfs2 (1.7.2) and Judy (1.0.5) for the Fedora_44_Mass_Rebuild