Change log for dovecot package in Debian
| 1 → 75 of 146 results | First • Previous • Next • Last |
| Published in sid-release |
dovecot (1:2.3.21+dfsg1-3) unstable; urgency=medium * [883dc1a] Add libtirpc-dev to build-depends (Closes: #1065213) -- Noah Meyerhans <email address hidden> Sat, 09 Mar 2024 22:31:22 -0800
| Superseded in sid-release |
dovecot (1:2.3.21+dfsg1-2) unstable; urgency=medium [ Christian Göttsche ] * [a2fbc2f] split-protocols.patch: patch all-settings.c to successfully build twice (Closes: #1044797) [ Noah Meyerhans ] * [70e4426] Drop arm64 from libunwind builddep arch list -- Noah Meyerhans <email address hidden> Mon, 30 Oct 2023 13:40:35 -0700
| Superseded in sid-release |
dovecot (1:2.3.21+dfsg1-1) unstable; urgency=medium [ Noah Meyerhans ] * [753b4fe] Don't build the unmaintained lucene fts plugin (Closes: #1040884) * [5597486] New upstream version 2.3.21+dfsg1 [ Christian Göttsche ] * [b8017f1] Cleanup temporary build files * [35e1afe] Silence prototype conflicts * [8dda8b9] Update Lintian overrides * [6bae82f] Bump to standards version 4.6.2 (no further changes) * [1f973d2] Mark hurd patch forwarded -- Noah Meyerhans <email address hidden> Sat, 14 Oct 2023 08:52:10 -0700
| Superseded in sid-release |
dovecot (1:2.3.20+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [fb2a5b7] d/rules: enable stack clash protection * [2666970] d/patches: bump _FORTIFY_SOURCE to level 3 [ Noah Meyerhans ] * [eab5171] New upstream version 2.3.20+dfsg1 * [d6135a4] Drop dependency on obsolete lsb-base package -- Noah Meyerhans <email address hidden> Sun, 25 Jun 2023 16:17:56 -0700
dovecot (1:2.3.19.1+dfsg1-2.1) unstable; urgency=medium
* Non-maintainer upload.
* [b02ebc9] Don't use deprecated crypt module.
(closes: #1028513)
-- Bas Couwenberg <email address hidden> Fri, 20 Jan 2023 07:01:26 +0100
| Published in bullseye-release |
dovecot (1:2.3.13+dfsg1-2+deb11u1) bullseye; urgency=medium * [4b5dac8] d/patches: cherry-pick fix for CVE-2022-30550 (Closes: #1016351) * [597ba7f] salsa-ci: build with bullseye -- Noah Meyerhans <email address hidden> Sun, 31 Jul 2022 17:47:06 -0700
| Superseded in sid-release |
dovecot (1:2.3.19.1+dfsg1-2) unstable; urgency=medium [ Christian Göttsche ] * [281fb2c] d/patches: cherry-pick fix for CVE-2022-30550 (Closes: #1016351) * [9c58e71] d/patches: fix uninitialized read in doveadm-oldstats * [a76a24d] d/control: bump to standards version 4.6.1 (no further changes) * [4aaaa8b] Update Lintian overrides -- Noah Meyerhans <email address hidden> Fri, 29 Jul 2022 19:58:28 -0700
| Superseded in sid-release |
dovecot (1:2.3.19.1+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [e40f93f] d/patches: avoid usage of PATH_MAX not available on hurd * [19e00cd] d/rules: enable backtrace generation * [5bf1c43] d/patches: debug flaky unit test [ Noah Meyerhans ] * [b73422f] New upstream version 2.3.19.1+dfsg1 * [c88bfc0] Update changelog for 1:2.3.19.1+dfsg1-1 release * [ca59548] Update lintian overrides * [d6406c2] d/copyright: update declarations for current maintainers -- Noah Meyerhans <email address hidden> Wed, 22 Jun 2022 09:27:01 -0700
| Superseded in sid-release |
dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [0d29e45] d/rules: enable LTO via DEB_BUILD_MAINT_OPTIONS instead of custom flags * [560cceb] d/source/lintian-overrides: update very-long-line-length-in-source-file overrides * [b99d09e] d/copyright: update years * [9ee8271] d/dovecot-core.prerm: drop as superseded by debhelper * [907f85c] d/maintscripts: update * [2b38240] d/dovecot-core.postinst: drop support for version skips * [dcb76d1] d/dovecot-core.postinst: only link certs if existent (Closes: #1009872) * [d223bbd] d/patches: add patch to support openssl 3.0 (Closes: #996273) [ Noah Meyerhans ] * [9f3175e] New upstream version 2.3.19+dfsg1 -- Noah Meyerhans <email address hidden> Sun, 05 Jun 2022 18:29:18 +0000
| Superseded in sid-release |
dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium [ Noah Meyerhans ] * [36966c8] New upstream version 2.3.18+dfsg1 * [042bda4] Refresh patches for 1:2.3.18+dfsg1-1 -- "Noah Meyerhans" <email address hidden> Thu, 10 Feb 2022 20:05:50 +0000
| Superseded in sid-release |
dovecot (1:2.3.17.1+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [40b0010] New upstream version 2.3.17+dfsg1
* [3c377e0] New upstream version 2.3.17.1+dfsg1
* [e2f1ce2] d/patches: rebase and drop upstream applied ones
* [533b7ad] d/control: bump to standards version 4.6.0 (no further changes)
* [02ed6cf] debian: reduce Lintian issues
* [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian
warnings
* [bcda7e4] d/control: build against Lua 5.4
* [9eed0dd] d/control: enable libunwind support on available archs
* [1990699] d/patches: cherry-pick memory leak commit
* [426df46] d/patches: cherry-pick imapsieve fix
* [e3d0747] d/patches: add patch for LTO by avoiding unaligned access
-- Noah Meyerhans <email address hidden> Tue, 14 Dec 2021 09:24:23 -0800
| Superseded in sid-release |
dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium
* [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these
architectures requires -funwind-tables, as with 32-bit arm.
-- Noah Meyerhans <email address hidden> Thu, 16 Sep 2021 08:41:27 -0700
| Superseded in sid-release |
dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium [ Christian Göttsche ] * [e1e9ece] d/patches: rework backtrace test patch * [be404bf] d/patches: add big-endian patch -- Noah Meyerhans <email address hidden> Fri, 10 Sep 2021 16:10:50 -0700
| Superseded in sid-release |
dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [ff4a227] New upstream version 2.3.14+dfsg1 * [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510) * [5e0c898] d/watch: adjust dversionmangle for dfsg suffix * [9ffb0f5] d/patches: update * [850e1d6] New upstream version 2.3.16+dfsg1 * [7140b87] d/patches: rebase patches * [fb1b77e] d/rules: enable LTO * [ce7055d] d/control: add libsystemd-dev dependency * [db93263] d/copyright: drop unused section * [aeec1e8] d/rules: update how to set systemdsystemunitdir * [ebe9709] d/patches: resolve compiler warnings * [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1 * [58a4078] d/patches: update 32bit warnings patch [ Noah Meyerhans ] * [f217c2e] Fix indexer crash * [b075317] Import upstream patch for indexer crash on client disconnect * [36e8740] drop debian/dovecot-core.maintscript -- Noah Meyerhans <email address hidden> Thu, 02 Sep 2021 13:22:16 -0700
dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high
* Import upstream fixes for security issues (Closes: #990566):
- CVE-2021-29157: Path traversal issue allowing an attacker with
access to the local filesystem can trick OAuth2 authentication into
using an HS256 validation key from an attacker-controlled location
- CVE-2021-33515: Sensitive information could be redirected to an
attacker-controlled address because of a STARTTLS command injection
bug in the submission service
-- Noah Meyerhans <email address hidden> Tue, 20 Jul 2021 08:05:19 -0700
| Published in buster-release |
dovecot (1:2.3.4.1-5+deb10u6) buster; urgency=medium
* Backport upstream fix for crash that occurred when searching mailboxes
containing malformed MIME messages. (Closes: #970386)
-- Noah Meyerhans <email address hidden> Wed, 27 Jan 2021 16:35:17 -0800
dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [6829237] New upstream version 2.3.13 (Closes: #979363)
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2020-25275: MIME parsing crashes with particular messages
* [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
* [5956798] Rebase patches
* [2cb63c3] Bump to standards version 4.5.1 (no further changes)
* [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
* [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc
false-positives
* [dde9c94] Handle removed configuration file in postinst
[ Pino Toscano ]
* [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
(Closes: #951869)
[ Helmut Grohne ]
* [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)
-- Noah Meyerhans <email address hidden> Mon, 25 Jan 2021 15:38:17 -0800
Available diffs
| Superseded in buster-release |
dovecot (1:2.3.4.1-5+deb10u4) buster; urgency=medium
* Import upstream fix for dsync sieve filter sync regression
(Closes: #930919)
* userdb-passwd: Fix getpwent errno handling (Closes: #928492)
-- Noah Meyerhans <email address hidden> Wed, 26 Aug 2020 13:54:40 -0700
| Superseded in sid-release |
dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium
[ Christian Göttsche ]
* [44770f6] Add patch for 32bit compiler warnings
* [053865a] Lintian: remove unused override
* [4ece2e1] Lintian: add forwarded header to Debian specific patches
* [67872b7] Lintian: ignore Debian only man page
* [d30bd7e] Lintian: tag manpage-without-executable got renamed to
spare-manual-page
* [3bdf952] Limit libcap-dev build-dependency to linux-any
* [28f6425] Drop acute accent in man page
* [8c15850] Add patch allowing GSSAPI containing NULL
-- Noah Meyerhans <email address hidden> Wed, 19 Aug 2020 12:06:07 -0700
Available diffs
| Superseded in sid-release |
dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high
* New upstream release fixes security issues (Closes: #968302)
- CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
resource exhaustion as Dovecot attempts to parse it.
- CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Add libcap-dev to build-dependencies to support dropping linux
capabilities.
-- Noah Meyerhans <email address hidden> Thu, 13 Aug 2020 16:21:24 -0700
Available diffs
| Superseded in buster-release |
dovecot (1:2.3.4.1-5+deb10u2) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
* Apply upstream fixes for CVE-2020-10957, CVE-2020-10958 and CVE-2020-10967
(Closes: #960963)
- lib-smtp: smtp-server-cmd-vrfy - Restructure parameter parsing.
- lib-smtp: smtp-syntax - Do not allow NULL return parameters for
smtp_string_parse().
- lib-smtp: smtp-syntax - Do not allow NULL return parameters for
smtp_xtext_parse().
- lib-smtp: syntax: Fix smtp_ehlo_line_parse() to also record the last
parameter.
- lib-smtp: smtp-syntax - Do not allow NULL return parameters for
smtp_ehlo_line_parse().
- lib-smtp: smtp-syntax - Return 0 for smtp_string_parse() with empty
input.
- lib-smtp: Add tests for smtp_string_parse() and smtp_string_write().
- lib-smtp: test-smtp-server-errors - Add tests for VRFY and NOOP commands
with invalid parameters.
- lib-smtp: server: command: Move core of
smtp_server_command_submit_reply() into a separate function.
- lib-smtp: smtp-server-command - Assign cmd->reg immediately.
- lib-smtp: smtp-server-command - Guarantee that non-destroy hooks aren't
called for an ended command.
- lib-smtp: smtp-server-command - Perform initial command execution in
separate function.
- lib-smtp: smtp-server-connection - Hold a command reference while
executing a command.
- lib-smtp: test-smtp-server-errors - Add tests for large series of empty
and bad commands.
- lib-smtp: smtp-address - Don't return NULL from smtp_address_clone*()
unless the input is NULL.
- lib-smtp: smtp-address - Don't recognize an address with empty localpart
as <>.
- lmtp: lmtp-commands - Explicity prohibit empty RCPT path.
-- Salvatore Bonaccorso <email address hidden> Mon, 18 May 2020 22:09:08 +0200
| Superseded in sid-release |
dovecot (1:2.3.10.1+dfsg1-2) unstable; urgency=medium
* Support sd_notify with systemd (Closes: #951722)
* Add necessary CFLAGS and LDFLAGS settings to ensure functional backtrace
generation. (Closes: #962630)
* Suppress additional library-not-linked-against-libc lintian warnings some
plugins as false-positives, observed on armel systems
[ Andreas Hasenack ]
* d/t/control, d/t/testmails: cherry-pick updated autopkgtests from
Ubuntu's 1:2.2.35-2ubuntu1:
- d/t/testmails: dropped the hardcoded "Ubuntu" name from the banner
text and made it distribution agnostic
- d/t/control: added lsb-release to test dependencies, used to get the
distribution name
-- Noah Meyerhans <email address hidden> Tue, 16 Jun 2020 08:29:02 -0700
Available diffs
| Superseded in sid-release |
dovecot (1:2.3.10.1+dfsg1-1) unstable; urgency=medium
* New upstream release addresses multiple security issues
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
(Closes: #960963)
* Refresh patches
* Strip non-DFSG-compliant docs from .orig archives
* Incorporate a number of improvements to debian/ metadata contributed by
Christian Göttsche <email address hidden>
* Add <email address hidden> to Uploaders
* Work around flakiness in autopkgtest suite
* Suppress library-not-linked-against-libc lintian warnings some plugins as
false-positives
-- Noah Meyerhans <email address hidden> Wed, 10 Jun 2020 10:41:37 -0700
Available diffs
| Published in stretch-release |
dovecot (1:2.2.27-3+deb9u5) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2019-11500
- lib-imap: Don't accept strings with NULs
- lib-imap: Make sure str_unescape() won't be writing past allocated
memory
- lib-managesieve: Don't accept strings with NULs
- lib-managesieve: Make sure str_unescape() won't be writing past
allocated memory
-- Salvatore Bonaccorso <email address hidden> Sun, 25 Aug 2019 15:29:44 +0200
| Superseded in buster-release |
dovecot (1:2.3.4.1-5+deb10u1) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2019-11500
- lib-imap: Don't accept strings with NULs
- lib-imap: Make sure str_unescape() won't be writing past allocated
memory
- lib-managesieve: Don't accept strings with NULs
- lib-managesieve: Make sure str_unescape() won't be writing past
allocated memory
-- Salvatore Bonaccorso <email address hidden> Sun, 25 Aug 2019 10:54:21 +0200
| Superseded in sid-release |
dovecot (1:2.3.7.2-1) unstable; urgency=medium
* [dcaf24e] New upstream version 2.3.7.2
- Fixes CVE-2019-11500 for dovecot-core
* [111beef] Update pigeonhole to 0.5.7.2
- Fixes CVE-2019-11500 for pigeonhole/managesieve
* [a422c4c] Bump Standards-Version to 4.4.0; no changes needed
* [56e37ed] Bump dh compat to 12; no changes needed.
- Drop d/compat in favor debhelper-compat B-D.
* [476edbd] Refresh dovecot_name.patch and ssl-cert-location.patch
* [9dc7904] Drop patches included in 2.3.7.2.
- CVE-2019-10691
- CVE-2019-11494
- CVE-2019-11499
- CVE-2019-7524
- avoid-double-closing-mysql.patch
- lib-master-test-event-stats-Use-PRIu64-format.patch
-- Apollon Oikonomopoulos <email address hidden> Thu, 29 Aug 2019 11:55:51 +0300
dovecot (1:2.3.4.1-5) unstable; urgency=medium
* [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235)
- submission-login: fix null pointer dereference when client
disconnects during authentication (CVE-2019-11494)
- submission-login: fix assert-crash when receiving an invalid
authentication message over TLS (CVE-2019-11499)
-- Apollon Oikonomopoulos <email address hidden> Mon, 29 Apr 2019 23:35:05 +0300
| Superseded in stretch-release |
dovecot (1:2.2.27-3+deb9u4) stretch-security; urgency=high
* [d402493] Fix two buffer overflows when reading oversized FTS headers
and/or oversized POP3-UIDL headers (CVE-2019-7524).
-- Apollon Oikonomopoulos <email address hidden> Mon, 25 Mar 2019 22:10:49 +0200
dovecot (1:2.3.4.1-4) unstable; urgency=high * [d04d4ba] Fix assert-crash in JSON encoder (CVE-2019-10691) -- Apollon Oikonomopoulos <email address hidden> Thu, 18 Apr 2019 10:21:19 +0300
dovecot (1:2.3.4.1-3) unstable; urgency=high
* [07c9212] Fix two buffer overflows when reading oversized FTS headers
and/or oversized POP3-UIDL headers (CVE-2019-7524).
-- Apollon Oikonomopoulos <email address hidden> Mon, 25 Mar 2019 23:06:01 +0200
dovecot (1:2.3.4.1-2) unstable; urgency=medium
[ Laurent Bigonville ]
* [ac99918] Fix double-free crash in mysql driver
Fix double closing of the connection in the mysql driver, this should
fix the crash in the dovecot auth process, taken from upstream.
(Closes: #918339)
[ Apollon Oikonomopoulos ]
* [8a30446] Bump Standards-Version to 4.3.0; no changes needed
-- Apollon Oikonomopoulos <email address hidden> Thu, 14 Mar 2019 11:02:39 +0200
dovecot (1:2.3.4.1-1) unstable; urgency=high
* [bebf0b4] New upstream version 2.3.4.1
+ Fixes CVE-2019-3814: TLS client auth username handling
-- Apollon Oikonomopoulos <email address hidden> Tue, 05 Feb 2019 16:19:12 +0200
dovecot (1:2.3.4-2) unstable; urgency=medium
* [51d1317] Fix FTBFS on 32-bit platforms.
Cherry-pick upstream commit de42b54, fixing the event-stats test on
32-bit platforms.
-- Apollon Oikonomopoulos <email address hidden> Sat, 24 Nov 2018 02:02:17 +0200
dovecot (1:2.3.4-1) unstable; urgency=medium * [14c247f] New upstream version 2.3.4 * [7fed004] Update pigeonhole to 0.5.4 -- Apollon Oikonomopoulos <email address hidden> Fri, 23 Nov 2018 22:00:06 +0200
dovecot (1:2.3.3-1) unstable; urgency=medium [ Jelmer Vernooij ] * Trim trailing whitespace. [ Apollon Oikonomopoulos ] * [6591a99] New upstream version 2.3.3 * [3d718ec] Bump Standards-Version to 4.2.1; no changes needed * [123bd32] Update pigeonhole to 0.5.3 -- Apollon Oikonomopoulos <email address hidden> Thu, 04 Oct 2018 17:29:40 +0300
dovecot (1:2.3.2.1-1) unstable; urgency=medium * [40ba9f0] New upstream bugfix release 2.3.2.1 * [87045ac] Drop fix-ftbfs-on-32bit.patch; merged upstream * [5bb22a4] Bump Standards-Version to 4.1.5; no changes needed -- Apollon Oikonomopoulos <email address hidden> Tue, 10 Jul 2018 17:51:43 +0300
dovecot (1:2.3.2-2) unstable; urgency=medium
* [48067de] Fix FTBFS on 32-bit platforms by cherry-picking upstream commit
1e23986f.
-- Apollon Oikonomopoulos <email address hidden> Wed, 04 Jul 2018 12:43:14 +0300
dovecot (1:2.3.2-1) unstable; urgency=medium
* [bb03669] New upstream version 2.3.2
+ Upload to unstable
* [d29da3a] Merge 2.3 package changes from experimental. Important changes:
+ [b3d1e17] Enable AppArmor support, see
https://wiki2.dovecot.org/Plugins/Apparmor
• B-D on libapparmor-dev
+ [c0c55bd] Enable Lua scripting support for authdb/passdb.
• B-D on liblua5.3-dev
• New binary package, dovecot-auth-lua
+ [4f6792e] Build with sodium support, enabling the ARGON2I and ARGON2ID
password schemes.
• B-D on libsodium-dev
+ [54347e7] Build with ICU support enabling FTS unicode normalization
• B-D on libicu-dev
+ New dovecot-submissiond binary package for the dovecot submission agent;
see https://wiki2.dovecot.org/Submission.
* [4db4813] Change maintainer address to <email address hidden>
* [5118354] Update pigeonhole to 0.5.2
* [52a7af4] Drop murmur3-big-endian.patch; merged upstream
* [22a6eee] Refresh dovecot_name.patch
* [3af7568] dovecot_name.patch: apply to submissiond as well
-- Apollon Oikonomopoulos <email address hidden> Wed, 04 Jul 2018 08:57:45 +0300
| Published in jessie-release |
dovecot (1:2.2.13-12~deb8u4) jessie-security; urgency=high
* [eb6eab8] Fix CVE-2017-14461: rfc822_parse_domain information leak
(Closes: #891819)
* [df2ccf9] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
can be used for DoS (Closes: #891820)
+ Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
disable dovecot_name.patch, since it changes dovecot's banner in
conjunction with dh_autoreconf.
* [292742f] Fix CVE-2017-15132: memory leak on aborted SASL auth
(Closes: #888432)
* [3e2ccd1] Add myself to Uploaders
-- Apollon Oikonomopoulos <email address hidden> Thu, 01 Mar 2018 19:12:05 +0200
dovecot (1:2.2.36-1) unstable; urgency=medium
* [19f2274] d/gbp.conf: set merge-mode to "merge" to preserve pigeonhole/
when importing new dovecot sources
* [6b9bf0d] New upstream version 2.2.36
* [be12f22] Bump pigeonhole version to 0.4.24
+ Remove new file under doc/rfc
+ Ship the new imap_filter_sieve module in dovecot-sieve
* [b77be59] Bump Standards-Version to 4.1.4; no changes needed
-- Apollon Oikonomopoulos <email address hidden> Wed, 06 Jun 2018 09:31:49 +0300
| Deleted in experimental-release (Reason: None provided.) |
dovecot (1:2.3.1-2) experimental; urgency=medium * [9354842] Update murmur3-big-endian.patch with upstream commits * [be60b19] Rename dovecot-submission to dovecot-submissiond * [c5f38f9] Bump Standards-Version to 4.1.4; no changes needed -- Apollon Oikonomopoulos <email address hidden> Wed, 06 Jun 2018 12:15:27 +0300
| Superseded in experimental-release |
dovecot (1:2.3.1-1) experimental; urgency=medium
* [d07381b] New upstream version 2.3.1
* [0be1513] Update pigeonhole to 0.5.1
* [b3d1e17] Enable AppArmor support, see
https://wiki2.dovecot.org/Plugins/Apparmor
- B-D on libapparmor-dev
* [c0c55bd] Enable Lua scripting support for authdb/passdb.
- B-D on liblua5.3-dev
- New binary package, dovecot-auth-lua
* [4f6792e] Build with sodium support, enabling the ARGON2I and ARGON2ID
password schemes.
- B-D on libsodium-dev
* [54347e7] Build with ICU support enabling FTS unicode normalization
- B-D on libicu-dev
* [779908e] dovecot-submission: activate dovecot-core's triggers
-- Apollon Oikonomopoulos <email address hidden> Tue, 27 Mar 2018 20:52:14 +0300
| Superseded in experimental-release |
dovecot (1:2.3.0.1-2) experimental; urgency=medium
* [f567eb4] Fix murmur3 hash on big-endian architectures, causing FTBFS.
Thanks to Josef 'Jeff' Sipek.
-- Apollon Oikonomopoulos <email address hidden> Tue, 27 Mar 2018 13:11:40 +0300
| Superseded in experimental-release |
dovecot (1:2.3.0.1-1) experimental; urgency=medium
* [e32a10f] New upstream stable series; see NEWS.Debian for more
information
* [64283fd] d/watch: bump upstream series to 2.3
* [a09dca8] Drop patches no longer needed
- libnss_location.patch: NSS support removed upstream
- systemd-service-fixes.patch: merged upstream
- handle-sslv23-gracefully.patch: upstream refactored SSL support, no
longer necessary
* [3698015] Refresh remaining patches
* [354998c] Update pigeonhole to 0.5.0.1
* [4a6dc2d] Set ssl_dh and ship RFC3526 4096-bit DH parameters
* [ae700a0] Document breaking configuration changes in dovecot-core.NEWS
* [0f4e6c4] New dovecot-submission package
* [dc553a9] d/rules: let $(MOVE) auto-create destination directories
* [3b8b56e] Do not rely on dh_installdirs for directories populated via
$(MOVE)
-- Apollon Oikonomopoulos <email address hidden> Sat, 24 Mar 2018 22:25:51 +0200
dovecot (1:2.2.35-2) unstable; urgency=medium
* [7665652] Use git-subtree to generate pigeonhole patch from git; add
single-debian-patch to d/source/local-options
* [bfa0f10] d/rules: specify libdir manually; previous upload moved modules
under /usr/lib/<triplet>, which was bound to break existing setups
* [982e826] d/copyright: adjust pigeonhole path and bump years
-- Apollon Oikonomopoulos <email address hidden> Thu, 22 Mar 2018 16:56:40 +0200
| Superseded in sid-release |
dovecot (1:2.2.35-1) unstable; urgency=medium
* [8108cba] New upstream version 2.2.35
* [6cbbaa1] Update pigeonhole to 0.4.23 (Closes: #892137)
* [ef40625] d/rules: call configure via dh_auto_configure.
Thanks to Helmut Grohne (Closes: #885854)
* [a459455] Drop B-D on libcurl4-gnutls-dev; removed upstream since 2.2
* [235af9d] Update upstream signing key
-- Apollon Oikonomopoulos <email address hidden> Tue, 20 Mar 2018 11:15:42 +0200
| Superseded in stretch-release |
dovecot (1:2.2.27-3+deb9u2) stretch-security; urgency=high
* [794e743] Fix CVE-2017-14461: rfc822_parse_domain information leak
vulnerability (Closes: #891819)
* [530ca6d] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
can be used for DoS (Closes: #891820)
+ Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
disable dovecot_name.patch, since it changes dovecot's banner in
conjunction with dh_autoreconf.
* [68c2156] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes:
#888432)
-- Apollon Oikonomopoulos <email address hidden> Thu, 01 Mar 2018 15:15:45 +0200
dovecot (1:2.2.34-2) unstable; urgency=high * [868dc65] Update pigeonhole to 0.4.22 * Set urgency to high due to the security fixes in 2.2.34-1 -- Apollon Oikonomopoulos <email address hidden> Fri, 02 Mar 2018 18:36:23 +0200
| Superseded in sid-release |
dovecot (1:2.2.34-1) unstable; urgency=medium
* [f53dc9a] New upstream version 2.2.34
Fixes the following security issues:
+ CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
usage (Closes: #891820)
+ CVE-2017-14461: rfc822_parse_domain information leak vulnerability
(Closes: #891819)
+ CVE-2017-15132: auth client leaks memory if SASL authentication is
aborted (Closes: #888432)
* [0dc98c6] Do not patch all-settings.c; regenerate it at build time
instead. Thanks to Aki Tuomi!
* [e678e3b] Bump dh compat to 11
+ B-D on debhelper (>= 11~)
+ Use dh_installsystemd instead of dh_systemd_enable
* [271b290] Bump Standards-Version to 4.1.3; no changes needed
* [3cd6715] d/copyright: bump upstream and debian years
* [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the
initscript handle it if it exists)
* [97d6fae] d/watch: switch upstream URL to https://
-- Apollon Oikonomopoulos <email address hidden> Thu, 01 Mar 2018 10:55:49 +0200
dovecot (1:2.2.33.2-1) unstable; urgency=medium * [8216f38] New upstream version 2.2.33.2 -- Apollon Oikonomopoulos <email address hidden> Sat, 11 Nov 2017 20:59:43 +0200
| Superseded in sid-release |
dovecot (1:2.2.33.1-1) unstable; urgency=medium
* [dbd1132] New upstream version 2.2.33.1
+ [b3d1f2d] Refresh split-protocols.patch
+ [e0de123] Update pigeonhole to 0.4.21
* [ef6a1eb] Set mail_privileged_group to 'mail' by default (Closes: #711856)
* [aeb6cf3] d/copyright: convert to Format 1.0
* [5961f9d] Use dh-autoreconf for both, dovecot and pigeonhole.
* [85f1f0f] Bump Standards to 4.1.1; no changes needed
-- Apollon Oikonomopoulos <email address hidden> Fri, 13 Oct 2017 16:28:14 +0300
dovecot (1:2.2.32-2) unstable; urgency=medium
* [fa71c69] dovecot-core.postinst: remove dovecot-common's postrm
(Closes: #696382)
* [e835c67] Ship decode2text.sh as an example (Closes: #767313)
* [63fb486] Deprecate dovecot-dbg in favor of auto dbgsyms
* [36b44b9] Handle unsupported SSLv2/SSLv3 in the ssl_protocols setting
gracefully (Closes: #866752)
-- Apollon Oikonomopoulos <email address hidden> Tue, 19 Sep 2017 16:59:38 +0300
| Superseded in sid-release |
dovecot (1:2.2.32-1) unstable; urgency=medium
* [6652d9c] New upstream version 2.2.32.
* [c9cb096] Update pigeonhole to 0.4.20.
* [b499950] dovecot-core: remove SSL key/cert symlinks on purge
(Closes: #867157)
* [dbdcc66] dovecot-core.postinst: ignore adduser errors (Closes: #867849)
* [476c950] Bump Standards to 4.1.0; no changes needed.
* [2914efa] Drop B-D on autotools-dev, it is depended on by debhelper 10.
* [305d022] Remove Fabio, Joel and Marco from Uploaders. Thanks for your work!
-- Apollon Oikonomopoulos <email address hidden> Tue, 12 Sep 2017 16:15:52 +0300
| Superseded in stretch-release |
dovecot (1:2.2.27-3+deb9u1) stretch; urgency=medium
* [8b8226f] Fix fts-solr: escape {} chars when sending queries (Closes:
#865945)
* [a97cdab] Add basic usage DEP-8 tests, performing end-to-end testing using
LDA, IMAP and POP3.
-- Apollon Oikonomopoulos <email address hidden> Fri, 30 Jun 2017 22:01:28 +0300
dovecot (1:2.2.31-1) unstable; urgency=medium
* [9b058f3] New upstream version 2.2.31
+ [2b577c1] Bump pigeonhole version to 0.4.19
* Enable TLS by default:
+ [7ca4b1c] Update SSL cert location patch; cert/key should reside under
/etc/dovecot/private by default.
+ [05d3d0f] Use ssl-cert-snakeoil certificates to setup SSL by default
(Closes: #376146, #786570)
+ [862901f] dovecot-core.postinst: manage 10-ssl.conf using ucf
(Closes: #850538)
+ [418df05] README.Debian: document the new TLS setup
+ [47bade9] dovecot-core.NEWS: document TLS support
* [8356bc0] Handle /etc/dovecot/private mode using dpkg-statoverride
* dovecot-core.postinst: cleanup
+ [afbd33f] dovecot-core.postinst: always call adduser
+ [ee22dc5] dovecot-core.postinst: remove obsolete conffile handling
+ [7bb298b] dovecot-core.postinst: do not remove the imapd user/group
* [815a2d1] README.Debian: cleanup
* [91115a3] Use noawait dpkg triggers (lintian warning)
* [e845cec] Add basic usage DEP-8 test, doing end-to-end tests involving
LDA, IMAP and POP3.
* [71c73ef] systemd: convert service to Type=simple and start after
network-online.target (Closes: #865546, #825562)
* [1534fac] dovecot.service: enable ProtectSystem=full
* [d276c69] B-D only on default-libmysqlclient-dev
-- Apollon Oikonomopoulos <email address hidden> Tue, 27 Jun 2017 18:18:12 +0300
| Superseded in sid-release |
dovecot (1:2.2.30.2-1) unstable; urgency=medium
* [401e83d] New upstream version 2.2.30.2
* [1ea8321] Bump pigeonhole version to 0.4.18
* [97bf8ec] Drop CVE-2017-2669 patch
* [9c1bbe2] Drop fix-sha3-on-big-endian.patch
* [d3c607b] Refresh dovecot_name.patch
* [5c64268] Bump Standards to 4.0.0; no changes needed
* [0b884fc] Bump compat to 10
+ B-D on debhelper (>= 10)
+ Drop B-D on dh-systemd, now provided by debhelper
+ Run dh --without=autoreconf, since we use autotools-dev
-- Apollon Oikonomopoulos <email address hidden> Thu, 22 Jun 2017 22:22:59 +0300
| Superseded in jessie-release |
dovecot (1:2.2.13-12~deb8u3) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Revert "auth: Do not double-expand key in passdb dict when authenticating
(CVE-2017-2669)"
This reverts the applied patch which resulted in no longer interpreting
placeholders in the keys even once with dict-based userdb or passdb.
The actual vulnerability was introduced later with "auth-db-dict: Allow
key name expansion" in 2.2.26.
Thanks to Nick Thomas <email address hidden> and Aki Tuomi <email address hidden>
-- Salvatore Bonaccorso <email address hidden> Tue, 11 Apr 2017 09:25:59 +0200
dovecot (1:2.2.27-3) unstable; urgency=high
* [117285a] Remove /etc/dovecot/README (Closes: #849290)
* [04e8ce3] auth: Do not double-expand key in passdb dict when
authenticating (CVE-2017-2669) (Closes: #860049)
-- Apollon Oikonomopoulos <email address hidden> Tue, 11 Apr 2017 00:46:54 +0300
dovecot (1:2.2.27-2) unstable; urgency=medium * [30586e3] Fix SHA3 on big-endian architectures. -- Apollon Oikonomopoulos <email address hidden> Thu, 15 Dec 2016 22:24:56 +0200
| Superseded in sid-release |
dovecot (1:2.2.27-1) unstable; urgency=medium
[ Jaldhar H. Vyas ]
* [b1e4693] Imported Upstream version 2.2.27
+ Includes fix for CVE-2016-8652 (Closes: #846605)
[ Apollon Oikonomopoulos ]
* [b25993a] Drop patches merged upstream:
+ call_openssl_cleanup_at_deinit.patch
+ disable_sslv23.patch
-- Apollon Oikonomopoulos <email address hidden> Wed, 14 Dec 2016 21:48:46 +0200
dovecot (1:2.2.26.0-4) unstable; urgency=medium * [3015f35] Drop references to SSLv2 in the default SSL protocols (Closes: #844271) -- Apollon Oikonomopoulos <email address hidden> Mon, 14 Nov 2016 17:55:26 +0200
| Superseded in sid-release |
dovecot (1:2.2.26.0-3) unstable; urgency=medium
* [b03027b] Call OPENSSL_cleanup() on dcrypt_openssl unload. Fixes FTBFS
with OpenSSL 1.1.0c.
-- Apollon Oikonomopoulos <email address hidden> Sun, 13 Nov 2016 10:56:30 +0200
| Superseded in sid-release |
dovecot (1:2.2.26.0-2) unstable; urgency=medium * [9db7d1b] Fix upgrades from 2.2.25 (Closes: #843028) -- Apollon Oikonomopoulos <email address hidden> Tue, 08 Nov 2016 15:06:16 +0200
| Superseded in sid-release |
dovecot (1:2.2.26.0-1) unstable; urgency=medium
[ Apollon Oikonomopoulos ]
* [18fc181] New upstream version 2.2.26.0 (Closes: #828286, #834837)
* [3ecfd3c] Update pigeonhole to 0.4.16
* [61ff825] Move libdovecot-ldap and libdict_ldap to dovecot-ldap (Closes:
#830135).
* [b3a1650] Ubuntu: disable -Bsymbolic-functions ld flag.
Thanks to Christian Ehrhardt <email address hidden>
(Closes: #842151) (LP: #1636781)
* [5828ab1] B-D on default-libmysqlclient-dev (but keep plain
libmysqlclient-dev as an alternative to ease backports).
* [0086110] Drop DRAC plugin.
Thanks to Christian Ehrhardt <email address hidden>
(Closes: #842153)
[ Jaldhar H. Vyas ]
* [60808eb] Move aclocal *.m4 files into -dev package.
* [52fd869] Move lib95_imap_sieve_plugin.so into dovecot-sieve (Closes:
#832046).
-- Apollon Oikonomopoulos <email address hidden> Thu, 07 Jul 2016 10:17:58 +0200
dovecot (1:2.2.25-1) unstable; urgency=medium
* [cc29a81] Imported Upstream version 2.2.25
* [d19bcca] Updated pigeonhole patch to 0.4.14
* [16db179] Merged in some features of the Ubuntu dovecot package.
+ dovecot-core: added lsb-base dependency.
+ dovecot-core: Added apport hook.
+ dovecot-imapd,dovecot-pop3d: Added ufw profiles.
Thanks to Christian Erhardt <email address hidden>
(Closes: #828864)
-- Jaldhar H. Vyas <email address hidden> Fri, 01 Jul 2016 17:07:03 -0400
dovecot (1:2.2.24-1) unstable; urgency=medium * [26020b6] Imported Upstream version 2.2.24 (Closes: #818652) -- Apollon Oikonomopoulos <email address hidden> Mon, 09 May 2016 10:42:08 +0300
dovecot (1:2.2.23-1) unstable; urgency=medium [ Jaldhar H. Vyas ] * Drop missing-expunges.patch, merged upstream [ Apollon Oikonomopoulos ] * [8a01915] Imported Upstream version 2.2.23 -- Apollon Oikonomopoulos <email address hidden> Tue, 12 Apr 2016 17:30:03 +0300
dovecot (1:2.2.22-1) unstable; urgency=medium [ Jaldhar H. Vyas ] * [2321581] Imported Upstream version 2.2.22 * [3fa8a62] Updated pigeonhole patch to 0.4.13 -- Jaldhar H. Vyas <email address hidden> Fri, 18 Mar 2016 19:18:34 -0400
dovecot (1:2.2.21-1) unstable; urgency=medium
[ Jaldhar H. Vyas ]
* [d9c0630] Imported Upstream version 2.2.21 (Closes: #809666, #708539,
#801346, 803223)
* [5360548] Updated pigeonhole patch to 0.4.12
* [5e6783f] Fixed typo in dovecot-core.README.Debian.
Thanks to Ingo Wichmann <email address hidden> (Closes: #809717)
* [d00d0c7] Create /var/lib/dovecot in the package. (Closes: #801752)
* [6510373] Upstream patch for sync problem which could cause expunged
messages to keep reappearing. (Closes: #684499)
* [040f7fa] dovecot-core: dovecot.socket not enabled on installation
(Closes: #814999)
* [fc29003] /etc/dovecot/10-ssl.conf no longer managed by ucf or modified by
postinst. Thanks to Santiago Vila <email address hidden> (Closes: #773237)
* [0d16e16] Fixed some lintian warnings.
* [801ba7e] Added Apollon to uploaders
[ Apollon Oikonomopoulos ]
* [99ef3d8] Build with lz4 support (Closes: #784321)
* [92f68aa] Fix nss userdb (Closes: #712764)
* [41b9bde] Disable dovecot.socket in existing installations.
* [49c5b97] d/rules: specify systemd unit dir manually (Closes: #720854)
* [a377ccb] Convert to dh sequencer
* [48af954] B-D on debhelper >= 9
* [591c315] Bump standards to 3.9.7; no changes needed
* [ceb629e] Use dh_installinit --name
* [ef8d8ac] d/rules: refactor file installation
* [a899bcc] dovecot-core: use dh_installman
* [6159e00] d/rules: build in parallel if requested
* [51014e6] d/control: use HTTPS Vcs-* URLs
* [b385cf5] dovecot-sieve: replace Conflicts with Breaks
* [b4a9e68] Add basic DEP-8 tests
* [7452649] Add DEP-8 tests for systemd support
* [e5101aa] Re-enable PIE and bindnow
* [5717808] Fix invoke-rc.d calls and never call init.d directly
* [3504241] Drop debconf remains
-- Jaldhar H. Vyas <email address hidden> Tue, 01 Mar 2016 19:31:42 -0500
| Superseded in jessie-release |
dovecot (1:2.2.13-12~deb8u1) stable; urgency=high
* [6e16721] Fix a mbox corruption problem by applying two patches from
mercurial upstream.
- fix-mbox-corruption-18534.patch (changeset 18534:94bd895721d8).
- fix-mbox-corruption-18679.patch (changeset 18679:b6ea460e7cc4).
Thanks to Santiago Vila <email address hidden> (Closes: 776094)
-- Jaldhar H. Vyas <email address hidden> Sun, 31 May 2015 01:38:40 -0400
dovecot (1:2.2.18-2) unstable; urgency=high * [3f3bf71] Updated pigeonhole patch to 0.4.8 (Closes: #792669) -- Jaldhar H. Vyas <email address hidden> Sun, 23 Aug 2015 23:16:28 -0400
dovecot (1:2.2.18-1) unstable; urgency=medium * [cce20a5] Imported Upstream version 2.2.18. Closes: #786760 * [36d2ec1] Refresh patch dovecot_name.patch. * [109e6f8] Drop patch cve-2015-3420.patch: applied upstream. * [6c59f09] Depend on krb5-multidev rather than libkrb5-dev. -- Jelmer Vernooij <email address hidden> Sun, 24 May 2015 15:01:19 +0000
| Superseded in sid-release |
dovecot (1:2.2.16-1) unstable; urgency=medium * [e9d9193] Imported Upstream version 2.2.16 * [976c256] Remove gbp- prefix from section names in debian/gbp.conf. * [762b9a6] Add Dutch translation. Thanks, Frans Spiesschaert. Closes: #766203 * [dea3dd6] Drop bye_logout_not_sent.patch: already included upstream. -- Jelmer Vernooij <email address hidden> Mon, 04 May 2015 12:23:05 +0000
| Superseded in sid-release |
dovecot (1:2.2.13-12) unstable; urgency=high
* [48f6fe4] Add patch cve-2015-3420.patch: Fix SSL/TLS handshake failures
leading to a crash of the login process with newer versions of OpenSSL.
Closes: #783649 (CVE-2015-3420)
-- Jelmer Vernooij <email address hidden> Mon, 04 May 2015 11:38:30 +0000
dovecot (1:2.2.13-11) unstable; urgency=high
* [ebc0377] Don't allow install of dovecot-sieve without a new enough
dovecot-core. (Closes: #772885)
-- Jaldhar H. Vyas <email address hidden> Sun, 14 Dec 2014 12:27:50 -0500
| 1 → 75 of 146 results | First • Previous • Next • Last |
