---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-037
2005-01-18
---------------------------------------------------------------------Product     : Fedora Core 2
Name        : dovecot
Version     : 0.99.13                      
Release     : 4.FC2                  
Summary     : Dovecot Secure imap server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

---------------------------------------------------------------------Update Information:

This is a bug fix update for the Dovecot IMAP server. This brings the
Red Hat Dovecot rpm up to date with the latest upstream release from
Timo Sirainen, version 0.99.13 released on Jan 6th 2005.

Upstream Fixes are noted below and below that are Red Hat specific
fixes.

Please note there have been some changes to the /etc/dovecot.conf
file. When the rpm installs it may create /etc/dovecot.conf.rpmnew
file with the new version of the config file while preserving your
previous /etc/dovecot.conf file if you have modified the config
file. It would be prudent to compare the two files and see if you need
to adjust your configuration.

In dovecot-0.99.13-3.FC2 authentication support using postgres and
mysql was enabled requiring these rpms. This was a change from the
previous dovecot rpm in FC2. This version of the rpm reverts back to
not building with postgres and mysql support to match previous
dependencies and features with the FC2 version of dovecot.

This version of the rpm also reverts a configuration file change that
appeared in dovecot-0.99.13-3.FC2 which had disabled overriding the
default mbox_locks value of "fcntl dotlock". This caused the creation
of dotlocks in addition to fcntl. This was a change from the previous
behavior and created some problems. The previous mbox_lock value of
fcntl only was restored to the config file.

Aside from the upstream fixes notable change in the RPM include:

- University of Washington Imap (UW Imap) migration documentation and
  scripts in the doc area (/usr/share/doc/dovecot-*)

- More example configurations in the doc area.

- The script to generate SSL certificates (mkcert in the doc area) now
  is congruent with Red Hat's OpenSSL rpm.

- The init.d script now starts dovecot later (it used to start it
  before named). If this problem was affecting your installation
  you'll have to chkconfig del and add to recreate the rc.d sym links,
  new installations will automatically pick up the new start order.

- Add a Red Specific FAQ to the doc area, mostly to address issues
  some sites were having with dot lock file creation.

====== Upstream Fixes =====
0.99.13

	* GNUTLS support hasn't been working for a while, so it's not even
	  tried to be used anymore unless explicitly wanted.
	+ Added CRAM-MD5 authentication mechanism. Patch by Joshua Goodall
	+ Added SMD5 and LDAP-MD5 password schemes and changed MD5 scheme to
	  use LDAP-MD5 if the password isn't in MD5crypt format. Patch by
	  Joshua Goodall
	+ Workaround for some POP3 client bugs: if message doesn't contain the
	  "end of headers" empty line, add it automatically.
	+ vpopmail supports now all password schemes, most importantly
	  MD5crypt works now without support from libc's crypt()
	- SQL and LDAP authentication was broken
	- SEARCH UNKEYWORD wasn't working

0.99.12

	- Fix memory leaks in LDAP, MySQL and PGSQL userdb/passdb
	- Fix hanging when parsing mails that have over 4096 bytes in one
	  line (SMTP servers normally don't allow over 1000 bytes so it
	  shouldn't be much of a problem)
	- FETCH BODYSTRUCTURE sometimes gave a wrong reply
	  (eg. with FETCH (BODYSTRUCTURE RFC822.SIZE) if it wasn't cached)
	- Never return more than one INBOX in LIST even if there are such
	  files. They don't work anyway and it just confuses clients.
	- mbox: Don't allow creating INBOX directory by creating/renaming
	  mailboxes under it. They just wouldn't work.
	- POP3: Don't return PLAIN in SASL list. We don't support initial SASL
	  responses, so it only breaks with most clients that try to use it.
	- IMAP and POP3 login processes may have sent each line in two IP
	  packets, one with the data and another with CR+LF. Some clients
	  didn't work because of this.

0.99.11

	+ 127.* and ::1 IP addresses are treated as secured with
	  disable_plaintext_auth = yes
	+ auth_debug setting for extra authentication debugging
	+ Some documentation and error message updates
	+ Create PID file in /var/run/dovecot/master.pid
	+ home setting is now optional in static userdb
	+ Added mail setting to static userdb
	- After APPENDing to selected mailbox Dovecot didn't always notice the
	  new mail immediately which broke some clients
	- THREAD and SORT commands crashed with some mails
	- If APPENDed mail ended with CR character, Dovecot aborted the saving
	- Output streams sometimes sent data duplicated and lost part of it.
	  This could have caused various strange problems, but looks like in
	  practise it rarely caused real problems.

====== Red Hat RPM Fixes =====
- fix bug #145214, mbox_lock is fcntl only in config file, remove dotlock default
- fix bug #145241, remove errant dependency on primary postgres & mysql rpms
- add REDHAT-FAQ.txt to doc directory
- fix bug #143707, bring up to date with latest upstream, 0.99.13, 
- fix bug #14462, bad dovecot-uid macro name
- fix bug #133618, removed LITERAL+ capability from capability string
- fix bug #134325, stop dovecot during installation
- fix bug #129539, dovecot starts too early,
  set chkconfig to 65 35 to match cyrus-imapd
- fix bug #139954, add UW to Dovecot migration documentation and scripts
- fix bug #139276, fix SSL documentation and scripts, add missing documentation
- fix bug #136623 Change License field from GPL to LGPL to reflect
  actual license
- fix bug #124786, listen to ipv6 as well as ipv4

---------------------------------------------------------------------* Mon Jan 17 2005 John Dennis  0.99.13-4.FC2

- fix bug #145214, force mbox_locks to fcntl only
- fix bug #145241, remove building of postgres & mysql auth support for FC2


---------------------------------------------------------------------This update can be downloaded from:
  
d35b3ec8813d46573cf98ad9c7b5a07c  SRPMS/dovecot-0.99.13-4.FC2.src.rpm
73cf6874f03aabebb0b7cabd0ea5cf50  x86_64/dovecot-0.99.13-4.FC2.x86_64.rpm
cc0270db6d8d2c57b1352218b389b654  x86_64/debug/dovecot-debuginfo-0.99.13-4.FC2.x86_64.rpm
8e375fa66ddea24ab6123132f60e06c2  i386/dovecot-0.99.13-4.FC2.i386.rpm
5e4f4c63a2986fc3582eaaae4e73b9ea  i386/debug/dovecot-debuginfo-0.99.13-4.FC2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------
-- 
John Dennis 

--fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 2 Update: dovecot-0.99.13-4.FC2

January 18, 2005
This is a bug fix update for the Dovecot IMAP server

Summary

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security

primarily in mind. It also contains a small POP3 server. It supports mail

in either of maildir or mbox formats.

This is a bug fix update for the Dovecot IMAP server. This brings the

Red Hat Dovecot rpm up to date with the latest upstream release from

Timo Sirainen, version 0.99.13 released on Jan 6th 2005.

Upstream Fixes are noted below and below that are Red Hat specific

fixes.

Please note there have been some changes to the /etc/dovecot.conf

file. When the rpm installs it may create /etc/dovecot.conf.rpmnew

file with the new version of the config file while preserving your

previous /etc/dovecot.conf file if you have modified the config

file. It would be prudent to compare the two files and see if you need

to adjust your configuration.

In dovecot-0.99.13-3.FC2 authentication support using postgres and

mysql was enabled requiring these rpms. This was a change from the

previous dovecot rpm in FC2. This version of the rpm reverts back to

not building with postgres and mysql support to match previous

dependencies and features with the FC2 version of dovecot.

This version of the rpm also reverts a configuration file change that

appeared in dovecot-0.99.13-3.FC2 which had disabled overriding the

default mbox_locks value of "fcntl dotlock". This caused the creation

of dotlocks in addition to fcntl. This was a change from the previous

behavior and created some problems. The previous mbox_lock value of

fcntl only was restored to the config file.

Aside from the upstream fixes notable change in the RPM include:

- University of Washington Imap (UW Imap) migration documentation and

scripts in the doc area (/usr/share/doc/dovecot-*)

- More example configurations in the doc area.

- The script to generate SSL certificates (mkcert in the doc area) now

is congruent with Red Hat's OpenSSL rpm.

- The init.d script now starts dovecot later (it used to start it

before named). If this problem was affecting your installation

you'll have to chkconfig del and add to recreate the rc.d sym links,

new installations will automatically pick up the new start order.

- Add a Red Specific FAQ to the doc area, mostly to address issues

some sites were having with dot lock file creation.

====== Upstream Fixes =====

0.99.13

* GNUTLS support hasn't been working for a while, so it's not even

tried to be used anymore unless explicitly wanted.

+ Added CRAM-MD5 authentication mechanism. Patch by Joshua Goodall

+ Added SMD5 and LDAP-MD5 password schemes and changed MD5 scheme to

use LDAP-MD5 if the password isn't in MD5crypt format. Patch by

Joshua Goodall

+ Workaround for some POP3 client bugs: if message doesn't contain the

"end of headers" empty line, add it automatically.

+ vpopmail supports now all password schemes, most importantly

MD5crypt works now without support from libc's crypt()

- SQL and LDAP authentication was broken

- SEARCH UNKEYWORD wasn't working

0.99.12

- Fix memory leaks in LDAP, MySQL and PGSQL userdb/passdb

- Fix hanging when parsing mails that have over 4096 bytes in one

line (SMTP servers normally don't allow over 1000 bytes so it

shouldn't be much of a problem)

- FETCH BODYSTRUCTURE sometimes gave a wrong reply

(eg. with FETCH (BODYSTRUCTURE RFC822.SIZE) if it wasn't cached)

- Never return more than one INBOX in LIST even if there are such

files. They don't work anyway and it just confuses clients.

- mbox: Don't allow creating INBOX directory by creating/renaming

mailboxes under it. They just wouldn't work.

- POP3: Don't return PLAIN in SASL list. We don't support initial SASL

responses, so it only breaks with most clients that try to use it.

- IMAP and POP3 login processes may have sent each line in two IP

packets, one with the data and another with CR+LF. Some clients

didn't work because of this.

0.99.11

+ 127.* and ::1 IP addresses are treated as secured with

disable_plaintext_auth = yes

+ auth_debug setting for extra authentication debugging

+ Some documentation and error message updates

+ Create PID file in /var/run/dovecot/master.pid

+ home setting is now optional in static userdb

+ Added mail setting to static userdb

- After APPENDing to selected mailbox Dovecot didn't always notice the

new mail immediately which broke some clients

- THREAD and SORT commands crashed with some mails

- If APPENDed mail ended with CR character, Dovecot aborted the saving

- Output streams sometimes sent data duplicated and lost part of it.

This could have caused various strange problems, but looks like in

practise it rarely caused real problems.

====== Red Hat RPM Fixes =====

- fix bug #145214, mbox_lock is fcntl only in config file, remove dotlock default

- fix bug #145241, remove errant dependency on primary postgres & mysql rpms

- add REDHAT-FAQ.txt to doc directory

- fix bug #143707, bring up to date with latest upstream, 0.99.13,

- fix bug #14462, bad dovecot-uid macro name

- fix bug #133618, removed LITERAL+ capability from capability string

- fix bug #134325, stop dovecot during installation

- fix bug #129539, dovecot starts too early,

set chkconfig to 65 35 to match cyrus-imapd

- fix bug #139954, add UW to Dovecot migration documentation and scripts

- fix bug #139276, fix SSL documentation and scripts, add missing documentation

- fix bug #136623 Change License field from GPL to LGPL to reflect

actual license

- fix bug #124786, listen to ipv6 as well as ipv4

- fix bug #145214, force mbox_locks to fcntl only

- fix bug #145241, remove building of postgres & mysql auth support for FC2

d35b3ec8813d46573cf98ad9c7b5a07c SRPMS/dovecot-0.99.13-4.FC2.src.rpm

73cf6874f03aabebb0b7cabd0ea5cf50 x86_64/dovecot-0.99.13-4.FC2.x86_64.rpm

cc0270db6d8d2c57b1352218b389b654 x86_64/debug/dovecot-debuginfo-0.99.13-4.FC2.x86_64.rpm

8e375fa66ddea24ab6123132f60e06c2 i386/dovecot-0.99.13-4.FC2.i386.rpm

5e4f4c63a2986fc3582eaaae4e73b9ea i386/debug/dovecot-debuginfo-0.99.13-4.FC2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

--

John Dennis

--fedora-announce-list mailing list

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-037 2005-01-18 Name : dovecot Version : 0.99.13 Release : 4.FC2 Summary : Dovecot Secure imap server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. This is a bug fix update for the Dovecot IMAP server. This brings the Red Hat Dovecot rpm up to date with the latest upstream release from Timo Sirainen, version 0.99.13 released on Jan 6th 2005. Upstream Fixes are noted below and below that are Red Hat specific fixes. Please note there have been some changes to the /etc/dovecot.conf file. When the rpm installs it may create /etc/dovecot.conf.rpmnew file with the new version of the config file while preserving your previous /etc/dovecot.conf file if you have modified the config file. It would be prudent to compare the two files and see if you need to adjust your configuration. In dovecot-0.99.13-3.FC2 authentication support using postgres and mysql was enabled requiring these rpms. This was a change from the previous dovecot rpm in FC2. This version of the rpm reverts back to not building with postgres and mysql support to match previous dependencies and features with the FC2 version of dovecot. This version of the rpm also reverts a configuration file change that appeared in dovecot-0.99.13-3.FC2 which had disabled overriding the default mbox_locks value of "fcntl dotlock". This caused the creation of dotlocks in addition to fcntl. This was a change from the previous behavior and created some problems. The previous mbox_lock value of fcntl only was restored to the config file. Aside from the upstream fixes notable change in the RPM include: - University of Washington Imap (UW Imap) migration documentation and scripts in the doc area (/usr/share/doc/dovecot-*) - More example configurations in the doc area. - The script to generate SSL certificates (mkcert in the doc area) now is congruent with Red Hat's OpenSSL rpm. - The init.d script now starts dovecot later (it used to start it before named). If this problem was affecting your installation you'll have to chkconfig del and add to recreate the rc.d sym links, new installations will automatically pick up the new start order. - Add a Red Specific FAQ to the doc area, mostly to address issues some sites were having with dot lock file creation. ====== Upstream Fixes ===== 0.99.13 * GNUTLS support hasn't been working for a while, so it's not even tried to be used anymore unless explicitly wanted. + Added CRAM-MD5 authentication mechanism. Patch by Joshua Goodall + Added SMD5 and LDAP-MD5 password schemes and changed MD5 scheme to use LDAP-MD5 if the password isn't in MD5crypt format. Patch by Joshua Goodall + Workaround for some POP3 client bugs: if message doesn't contain the "end of headers" empty line, add it automatically. + vpopmail supports now all password schemes, most importantly MD5crypt works now without support from libc's crypt() - SQL and LDAP authentication was broken - SEARCH UNKEYWORD wasn't working 0.99.12 - Fix memory leaks in LDAP, MySQL and PGSQL userdb/passdb - Fix hanging when parsing mails that have over 4096 bytes in one line (SMTP servers normally don't allow over 1000 bytes so it shouldn't be much of a problem) - FETCH BODYSTRUCTURE sometimes gave a wrong reply (eg. with FETCH (BODYSTRUCTURE RFC822.SIZE) if it wasn't cached) - Never return more than one INBOX in LIST even if there are such files. They don't work anyway and it just confuses clients. - mbox: Don't allow creating INBOX directory by creating/renaming mailboxes under it. They just wouldn't work. - POP3: Don't return PLAIN in SASL list. We don't support initial SASL responses, so it only breaks with most clients that try to use it. - IMAP and POP3 login processes may have sent each line in two IP packets, one with the data and another with CR+LF. Some clients didn't work because of this. 0.99.11 + 127.* and ::1 IP addresses are treated as secured with disable_plaintext_auth = yes + auth_debug setting for extra authentication debugging + Some documentation and error message updates + Create PID file in /var/run/dovecot/master.pid + home setting is now optional in static userdb + Added mail setting to static userdb - After APPENDing to selected mailbox Dovecot didn't always notice the new mail immediately which broke some clients - THREAD and SORT commands crashed with some mails - If APPENDed mail ended with CR character, Dovecot aborted the saving - Output streams sometimes sent data duplicated and lost part of it. This could have caused various strange problems, but looks like in practise it rarely caused real problems. ====== Red Hat RPM Fixes ===== - fix bug #145214, mbox_lock is fcntl only in config file, remove dotlock default - fix bug #145241, remove errant dependency on primary postgres & mysql rpms - add REDHAT-FAQ.txt to doc directory - fix bug #143707, bring up to date with latest upstream, 0.99.13, - fix bug #14462, bad dovecot-uid macro name - fix bug #133618, removed LITERAL+ capability from capability string - fix bug #134325, stop dovecot during installation - fix bug #129539, dovecot starts too early, set chkconfig to 65 35 to match cyrus-imapd - fix bug #139954, add UW to Dovecot migration documentation and scripts - fix bug #139276, fix SSL documentation and scripts, add missing documentation - fix bug #136623 Change License field from GPL to LGPL to reflect actual license - fix bug #124786, listen to ipv6 as well as ipv4 - fix bug #145214, force mbox_locks to fcntl only - fix bug #145241, remove building of postgres & mysql auth support for FC2 d35b3ec8813d46573cf98ad9c7b5a07c SRPMS/dovecot-0.99.13-4.FC2.src.rpm 73cf6874f03aabebb0b7cabd0ea5cf50 x86_64/dovecot-0.99.13-4.FC2.x86_64.rpm cc0270db6d8d2c57b1352218b389b654 x86_64/debug/dovecot-debuginfo-0.99.13-4.FC2.x86_64.rpm 8e375fa66ddea24ab6123132f60e06c2 i386/dovecot-0.99.13-4.FC2.i386.rpm 5e4f4c63a2986fc3582eaaae4e73b9ea i386/debug/dovecot-debuginfo-0.99.13-4.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -- John Dennis --fedora-announce-list mailing list fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : dovecot
Version : 0.99.13
Release : 4.FC2
Summary : Dovecot Secure imap server

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved