Change log for dovecot package in Debian
1 → 75 of 146 results | First • Previous • Next • Last |
Published in sid-release |
dovecot (1:2.3.21+dfsg1-3) unstable; urgency=medium * [883dc1a] Add libtirpc-dev to build-depends (Closes: #1065213) -- Noah Meyerhans <email address hidden> Sat, 09 Mar 2024 22:31:22 -0800
Superseded in sid-release |
dovecot (1:2.3.21+dfsg1-2) unstable; urgency=medium [ Christian Göttsche ] * [a2fbc2f] split-protocols.patch: patch all-settings.c to successfully build twice (Closes: #1044797) [ Noah Meyerhans ] * [70e4426] Drop arm64 from libunwind builddep arch list -- Noah Meyerhans <email address hidden> Mon, 30 Oct 2023 13:40:35 -0700
Superseded in sid-release |
dovecot (1:2.3.21+dfsg1-1) unstable; urgency=medium [ Noah Meyerhans ] * [753b4fe] Don't build the unmaintained lucene fts plugin (Closes: #1040884) * [5597486] New upstream version 2.3.21+dfsg1 [ Christian Göttsche ] * [b8017f1] Cleanup temporary build files * [35e1afe] Silence prototype conflicts * [8dda8b9] Update Lintian overrides * [6bae82f] Bump to standards version 4.6.2 (no further changes) * [1f973d2] Mark hurd patch forwarded -- Noah Meyerhans <email address hidden> Sat, 14 Oct 2023 08:52:10 -0700
Superseded in sid-release |
dovecot (1:2.3.20+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [fb2a5b7] d/rules: enable stack clash protection * [2666970] d/patches: bump _FORTIFY_SOURCE to level 3 [ Noah Meyerhans ] * [eab5171] New upstream version 2.3.20+dfsg1 * [d6135a4] Drop dependency on obsolete lsb-base package -- Noah Meyerhans <email address hidden> Sun, 25 Jun 2023 16:17:56 -0700
dovecot (1:2.3.19.1+dfsg1-2.1) unstable; urgency=medium * Non-maintainer upload. * [b02ebc9] Don't use deprecated crypt module. (closes: #1028513) -- Bas Couwenberg <email address hidden> Fri, 20 Jan 2023 07:01:26 +0100
Published in bullseye-release |
dovecot (1:2.3.13+dfsg1-2+deb11u1) bullseye; urgency=medium * [4b5dac8] d/patches: cherry-pick fix for CVE-2022-30550 (Closes: #1016351) * [597ba7f] salsa-ci: build with bullseye -- Noah Meyerhans <email address hidden> Sun, 31 Jul 2022 17:47:06 -0700
Superseded in sid-release |
dovecot (1:2.3.19.1+dfsg1-2) unstable; urgency=medium [ Christian Göttsche ] * [281fb2c] d/patches: cherry-pick fix for CVE-2022-30550 (Closes: #1016351) * [9c58e71] d/patches: fix uninitialized read in doveadm-oldstats * [a76a24d] d/control: bump to standards version 4.6.1 (no further changes) * [4aaaa8b] Update Lintian overrides -- Noah Meyerhans <email address hidden> Fri, 29 Jul 2022 19:58:28 -0700
Superseded in sid-release |
dovecot (1:2.3.19.1+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [e40f93f] d/patches: avoid usage of PATH_MAX not available on hurd * [19e00cd] d/rules: enable backtrace generation * [5bf1c43] d/patches: debug flaky unit test [ Noah Meyerhans ] * [b73422f] New upstream version 2.3.19.1+dfsg1 * [c88bfc0] Update changelog for 1:2.3.19.1+dfsg1-1 release * [ca59548] Update lintian overrides * [d6406c2] d/copyright: update declarations for current maintainers -- Noah Meyerhans <email address hidden> Wed, 22 Jun 2022 09:27:01 -0700
Superseded in sid-release |
dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [0d29e45] d/rules: enable LTO via DEB_BUILD_MAINT_OPTIONS instead of custom flags * [560cceb] d/source/lintian-overrides: update very-long-line-length-in-source-file overrides * [b99d09e] d/copyright: update years * [9ee8271] d/dovecot-core.prerm: drop as superseded by debhelper * [907f85c] d/maintscripts: update * [2b38240] d/dovecot-core.postinst: drop support for version skips * [dcb76d1] d/dovecot-core.postinst: only link certs if existent (Closes: #1009872) * [d223bbd] d/patches: add patch to support openssl 3.0 (Closes: #996273) [ Noah Meyerhans ] * [9f3175e] New upstream version 2.3.19+dfsg1 -- Noah Meyerhans <email address hidden> Sun, 05 Jun 2022 18:29:18 +0000
Superseded in sid-release |
dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium [ Noah Meyerhans ] * [36966c8] New upstream version 2.3.18+dfsg1 * [042bda4] Refresh patches for 1:2.3.18+dfsg1-1 -- "Noah Meyerhans" <email address hidden> Thu, 10 Feb 2022 20:05:50 +0000
Superseded in sid-release |
dovecot (1:2.3.17.1+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [40b0010] New upstream version 2.3.17+dfsg1 * [3c377e0] New upstream version 2.3.17.1+dfsg1 * [e2f1ce2] d/patches: rebase and drop upstream applied ones * [533b7ad] d/control: bump to standards version 4.6.0 (no further changes) * [02ed6cf] debian: reduce Lintian issues * [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian warnings * [bcda7e4] d/control: build against Lua 5.4 * [9eed0dd] d/control: enable libunwind support on available archs * [1990699] d/patches: cherry-pick memory leak commit * [426df46] d/patches: cherry-pick imapsieve fix * [e3d0747] d/patches: add patch for LTO by avoiding unaligned access -- Noah Meyerhans <email address hidden> Tue, 14 Dec 2021 09:24:23 -0800
Superseded in sid-release |
dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium * [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these architectures requires -funwind-tables, as with 32-bit arm. -- Noah Meyerhans <email address hidden> Thu, 16 Sep 2021 08:41:27 -0700
Superseded in sid-release |
dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium [ Christian Göttsche ] * [e1e9ece] d/patches: rework backtrace test patch * [be404bf] d/patches: add big-endian patch -- Noah Meyerhans <email address hidden> Fri, 10 Sep 2021 16:10:50 -0700
Superseded in sid-release |
dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [ff4a227] New upstream version 2.3.14+dfsg1 * [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510) * [5e0c898] d/watch: adjust dversionmangle for dfsg suffix * [9ffb0f5] d/patches: update * [850e1d6] New upstream version 2.3.16+dfsg1 * [7140b87] d/patches: rebase patches * [fb1b77e] d/rules: enable LTO * [ce7055d] d/control: add libsystemd-dev dependency * [db93263] d/copyright: drop unused section * [aeec1e8] d/rules: update how to set systemdsystemunitdir * [ebe9709] d/patches: resolve compiler warnings * [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1 * [58a4078] d/patches: update 32bit warnings patch [ Noah Meyerhans ] * [f217c2e] Fix indexer crash * [b075317] Import upstream patch for indexer crash on client disconnect * [36e8740] drop debian/dovecot-core.maintscript -- Noah Meyerhans <email address hidden> Thu, 02 Sep 2021 13:22:16 -0700
dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high * Import upstream fixes for security issues (Closes: #990566): - CVE-2021-29157: Path traversal issue allowing an attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location - CVE-2021-33515: Sensitive information could be redirected to an attacker-controlled address because of a STARTTLS command injection bug in the submission service -- Noah Meyerhans <email address hidden> Tue, 20 Jul 2021 08:05:19 -0700
Published in buster-release |
dovecot (1:2.3.4.1-5+deb10u6) buster; urgency=medium * Backport upstream fix for crash that occurred when searching mailboxes containing malformed MIME messages. (Closes: #970386) -- Noah Meyerhans <email address hidden> Wed, 27 Jan 2021 16:35:17 -0800
dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium [ Christian Göttsche ] * [6829237] New upstream version 2.3.13 (Closes: #979363) - CVE-2020-24386: IMAP hibernation allows accessing other peoples mail - CVE-2020-25275: MIME parsing crashes with particular messages * [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165) * [5956798] Rebase patches * [2cb63c3] Bump to standards version 4.5.1 (no further changes) * [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard * [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc false-positives * [dde9c94] Handle removed configuration file in postinst [ Pino Toscano ] * [04a60e3] d/{control,rules}: disable apparmor support on !linux archs (Closes: #951869) [ Helmut Grohne ] * [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370) -- Noah Meyerhans <email address hidden> Mon, 25 Jan 2021 15:38:17 -0800
Available diffs
Superseded in buster-release |
dovecot (1:2.3.4.1-5+deb10u4) buster; urgency=medium * Import upstream fix for dsync sieve filter sync regression (Closes: #930919) * userdb-passwd: Fix getpwent errno handling (Closes: #928492) -- Noah Meyerhans <email address hidden> Wed, 26 Aug 2020 13:54:40 -0700
Superseded in sid-release |
dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium [ Christian Göttsche ] * [44770f6] Add patch for 32bit compiler warnings * [053865a] Lintian: remove unused override * [4ece2e1] Lintian: add forwarded header to Debian specific patches * [67872b7] Lintian: ignore Debian only man page * [d30bd7e] Lintian: tag manpage-without-executable got renamed to spare-manual-page * [3bdf952] Limit libcap-dev build-dependency to linux-any * [28f6425] Drop acute accent in man page * [8c15850] Add patch allowing GSSAPI containing NULL -- Noah Meyerhans <email address hidden> Wed, 19 Aug 2020 12:06:07 -0700
Available diffs
Superseded in sid-release |
dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high * New upstream release fixes security issues (Closes: #968302) - CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. - CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. - CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. * Add libcap-dev to build-dependencies to support dropping linux capabilities. -- Noah Meyerhans <email address hidden> Thu, 13 Aug 2020 16:21:24 -0700
Available diffs
Superseded in buster-release |
dovecot (1:2.3.4.1-5+deb10u2) buster-security; urgency=high * Non-maintainer upload by the Security Team. * Apply upstream fixes for CVE-2020-10957, CVE-2020-10958 and CVE-2020-10967 (Closes: #960963) - lib-smtp: smtp-server-cmd-vrfy - Restructure parameter parsing. - lib-smtp: smtp-syntax - Do not allow NULL return parameters for smtp_string_parse(). - lib-smtp: smtp-syntax - Do not allow NULL return parameters for smtp_xtext_parse(). - lib-smtp: syntax: Fix smtp_ehlo_line_parse() to also record the last parameter. - lib-smtp: smtp-syntax - Do not allow NULL return parameters for smtp_ehlo_line_parse(). - lib-smtp: smtp-syntax - Return 0 for smtp_string_parse() with empty input. - lib-smtp: Add tests for smtp_string_parse() and smtp_string_write(). - lib-smtp: test-smtp-server-errors - Add tests for VRFY and NOOP commands with invalid parameters. - lib-smtp: server: command: Move core of smtp_server_command_submit_reply() into a separate function. - lib-smtp: smtp-server-command - Assign cmd->reg immediately. - lib-smtp: smtp-server-command - Guarantee that non-destroy hooks aren't called for an ended command. - lib-smtp: smtp-server-command - Perform initial command execution in separate function. - lib-smtp: smtp-server-connection - Hold a command reference while executing a command. - lib-smtp: test-smtp-server-errors - Add tests for large series of empty and bad commands. - lib-smtp: smtp-address - Don't return NULL from smtp_address_clone*() unless the input is NULL. - lib-smtp: smtp-address - Don't recognize an address with empty localpart as <>. - lmtp: lmtp-commands - Explicity prohibit empty RCPT path. -- Salvatore Bonaccorso <email address hidden> Mon, 18 May 2020 22:09:08 +0200
Superseded in sid-release |
dovecot (1:2.3.10.1+dfsg1-2) unstable; urgency=medium * Support sd_notify with systemd (Closes: #951722) * Add necessary CFLAGS and LDFLAGS settings to ensure functional backtrace generation. (Closes: #962630) * Suppress additional library-not-linked-against-libc lintian warnings some plugins as false-positives, observed on armel systems [ Andreas Hasenack ] * d/t/control, d/t/testmails: cherry-pick updated autopkgtests from Ubuntu's 1:2.2.35-2ubuntu1: - d/t/testmails: dropped the hardcoded "Ubuntu" name from the banner text and made it distribution agnostic - d/t/control: added lsb-release to test dependencies, used to get the distribution name -- Noah Meyerhans <email address hidden> Tue, 16 Jun 2020 08:29:02 -0700
Available diffs
Superseded in sid-release |
dovecot (1:2.3.10.1+dfsg1-1) unstable; urgency=medium * New upstream release addresses multiple security issues - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 (Closes: #960963) * Refresh patches * Strip non-DFSG-compliant docs from .orig archives * Incorporate a number of improvements to debian/ metadata contributed by Christian Göttsche <email address hidden> * Add <email address hidden> to Uploaders * Work around flakiness in autopkgtest suite * Suppress library-not-linked-against-libc lintian warnings some plugins as false-positives -- Noah Meyerhans <email address hidden> Wed, 10 Jun 2020 10:41:37 -0700
Available diffs
Published in stretch-release |
dovecot (1:2.2.27-3+deb9u5) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2019-11500 - lib-imap: Don't accept strings with NULs - lib-imap: Make sure str_unescape() won't be writing past allocated memory - lib-managesieve: Don't accept strings with NULs - lib-managesieve: Make sure str_unescape() won't be writing past allocated memory -- Salvatore Bonaccorso <email address hidden> Sun, 25 Aug 2019 15:29:44 +0200
Superseded in buster-release |
dovecot (1:2.3.4.1-5+deb10u1) buster-security; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2019-11500 - lib-imap: Don't accept strings with NULs - lib-imap: Make sure str_unescape() won't be writing past allocated memory - lib-managesieve: Don't accept strings with NULs - lib-managesieve: Make sure str_unescape() won't be writing past allocated memory -- Salvatore Bonaccorso <email address hidden> Sun, 25 Aug 2019 10:54:21 +0200
Superseded in sid-release |
dovecot (1:2.3.7.2-1) unstable; urgency=medium * [dcaf24e] New upstream version 2.3.7.2 - Fixes CVE-2019-11500 for dovecot-core * [111beef] Update pigeonhole to 0.5.7.2 - Fixes CVE-2019-11500 for pigeonhole/managesieve * [a422c4c] Bump Standards-Version to 4.4.0; no changes needed * [56e37ed] Bump dh compat to 12; no changes needed. - Drop d/compat in favor debhelper-compat B-D. * [476edbd] Refresh dovecot_name.patch and ssl-cert-location.patch * [9dc7904] Drop patches included in 2.3.7.2. - CVE-2019-10691 - CVE-2019-11494 - CVE-2019-11499 - CVE-2019-7524 - avoid-double-closing-mysql.patch - lib-master-test-event-stats-Use-PRIu64-format.patch -- Apollon Oikonomopoulos <email address hidden> Thu, 29 Aug 2019 11:55:51 +0300
dovecot (1:2.3.4.1-5) unstable; urgency=medium * [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235) - submission-login: fix null pointer dereference when client disconnects during authentication (CVE-2019-11494) - submission-login: fix assert-crash when receiving an invalid authentication message over TLS (CVE-2019-11499) -- Apollon Oikonomopoulos <email address hidden> Mon, 29 Apr 2019 23:35:05 +0300
Superseded in stretch-release |
dovecot (1:2.2.27-3+deb9u4) stretch-security; urgency=high * [d402493] Fix two buffer overflows when reading oversized FTS headers and/or oversized POP3-UIDL headers (CVE-2019-7524). -- Apollon Oikonomopoulos <email address hidden> Mon, 25 Mar 2019 22:10:49 +0200
dovecot (1:2.3.4.1-4) unstable; urgency=high * [d04d4ba] Fix assert-crash in JSON encoder (CVE-2019-10691) -- Apollon Oikonomopoulos <email address hidden> Thu, 18 Apr 2019 10:21:19 +0300
dovecot (1:2.3.4.1-3) unstable; urgency=high * [07c9212] Fix two buffer overflows when reading oversized FTS headers and/or oversized POP3-UIDL headers (CVE-2019-7524). -- Apollon Oikonomopoulos <email address hidden> Mon, 25 Mar 2019 23:06:01 +0200
dovecot (1:2.3.4.1-2) unstable; urgency=medium [ Laurent Bigonville ] * [ac99918] Fix double-free crash in mysql driver Fix double closing of the connection in the mysql driver, this should fix the crash in the dovecot auth process, taken from upstream. (Closes: #918339) [ Apollon Oikonomopoulos ] * [8a30446] Bump Standards-Version to 4.3.0; no changes needed -- Apollon Oikonomopoulos <email address hidden> Thu, 14 Mar 2019 11:02:39 +0200
dovecot (1:2.3.4.1-1) unstable; urgency=high * [bebf0b4] New upstream version 2.3.4.1 + Fixes CVE-2019-3814: TLS client auth username handling -- Apollon Oikonomopoulos <email address hidden> Tue, 05 Feb 2019 16:19:12 +0200
dovecot (1:2.3.4-2) unstable; urgency=medium * [51d1317] Fix FTBFS on 32-bit platforms. Cherry-pick upstream commit de42b54, fixing the event-stats test on 32-bit platforms. -- Apollon Oikonomopoulos <email address hidden> Sat, 24 Nov 2018 02:02:17 +0200
dovecot (1:2.3.4-1) unstable; urgency=medium * [14c247f] New upstream version 2.3.4 * [7fed004] Update pigeonhole to 0.5.4 -- Apollon Oikonomopoulos <email address hidden> Fri, 23 Nov 2018 22:00:06 +0200
dovecot (1:2.3.3-1) unstable; urgency=medium [ Jelmer Vernooij ] * Trim trailing whitespace. [ Apollon Oikonomopoulos ] * [6591a99] New upstream version 2.3.3 * [3d718ec] Bump Standards-Version to 4.2.1; no changes needed * [123bd32] Update pigeonhole to 0.5.3 -- Apollon Oikonomopoulos <email address hidden> Thu, 04 Oct 2018 17:29:40 +0300
dovecot (1:2.3.2.1-1) unstable; urgency=medium * [40ba9f0] New upstream bugfix release 2.3.2.1 * [87045ac] Drop fix-ftbfs-on-32bit.patch; merged upstream * [5bb22a4] Bump Standards-Version to 4.1.5; no changes needed -- Apollon Oikonomopoulos <email address hidden> Tue, 10 Jul 2018 17:51:43 +0300
dovecot (1:2.3.2-2) unstable; urgency=medium * [48067de] Fix FTBFS on 32-bit platforms by cherry-picking upstream commit 1e23986f. -- Apollon Oikonomopoulos <email address hidden> Wed, 04 Jul 2018 12:43:14 +0300
dovecot (1:2.3.2-1) unstable; urgency=medium * [bb03669] New upstream version 2.3.2 + Upload to unstable * [d29da3a] Merge 2.3 package changes from experimental. Important changes: + [b3d1e17] Enable AppArmor support, see https://wiki2.dovecot.org/Plugins/Apparmor • B-D on libapparmor-dev + [c0c55bd] Enable Lua scripting support for authdb/passdb. • B-D on liblua5.3-dev • New binary package, dovecot-auth-lua + [4f6792e] Build with sodium support, enabling the ARGON2I and ARGON2ID password schemes. • B-D on libsodium-dev + [54347e7] Build with ICU support enabling FTS unicode normalization • B-D on libicu-dev + New dovecot-submissiond binary package for the dovecot submission agent; see https://wiki2.dovecot.org/Submission. * [4db4813] Change maintainer address to <email address hidden> * [5118354] Update pigeonhole to 0.5.2 * [52a7af4] Drop murmur3-big-endian.patch; merged upstream * [22a6eee] Refresh dovecot_name.patch * [3af7568] dovecot_name.patch: apply to submissiond as well -- Apollon Oikonomopoulos <email address hidden> Wed, 04 Jul 2018 08:57:45 +0300
Published in jessie-release |
dovecot (1:2.2.13-12~deb8u4) jessie-security; urgency=high * [eb6eab8] Fix CVE-2017-14461: rfc822_parse_domain information leak (Closes: #891819) * [df2ccf9] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and can be used for DoS (Closes: #891820) + Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also disable dovecot_name.patch, since it changes dovecot's banner in conjunction with dh_autoreconf. * [292742f] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes: #888432) * [3e2ccd1] Add myself to Uploaders -- Apollon Oikonomopoulos <email address hidden> Thu, 01 Mar 2018 19:12:05 +0200
dovecot (1:2.2.36-1) unstable; urgency=medium * [19f2274] d/gbp.conf: set merge-mode to "merge" to preserve pigeonhole/ when importing new dovecot sources * [6b9bf0d] New upstream version 2.2.36 * [be12f22] Bump pigeonhole version to 0.4.24 + Remove new file under doc/rfc + Ship the new imap_filter_sieve module in dovecot-sieve * [b77be59] Bump Standards-Version to 4.1.4; no changes needed -- Apollon Oikonomopoulos <email address hidden> Wed, 06 Jun 2018 09:31:49 +0300
Deleted in experimental-release (Reason: None provided.) |
dovecot (1:2.3.1-2) experimental; urgency=medium * [9354842] Update murmur3-big-endian.patch with upstream commits * [be60b19] Rename dovecot-submission to dovecot-submissiond * [c5f38f9] Bump Standards-Version to 4.1.4; no changes needed -- Apollon Oikonomopoulos <email address hidden> Wed, 06 Jun 2018 12:15:27 +0300
Superseded in experimental-release |
dovecot (1:2.3.1-1) experimental; urgency=medium * [d07381b] New upstream version 2.3.1 * [0be1513] Update pigeonhole to 0.5.1 * [b3d1e17] Enable AppArmor support, see https://wiki2.dovecot.org/Plugins/Apparmor - B-D on libapparmor-dev * [c0c55bd] Enable Lua scripting support for authdb/passdb. - B-D on liblua5.3-dev - New binary package, dovecot-auth-lua * [4f6792e] Build with sodium support, enabling the ARGON2I and ARGON2ID password schemes. - B-D on libsodium-dev * [54347e7] Build with ICU support enabling FTS unicode normalization - B-D on libicu-dev * [779908e] dovecot-submission: activate dovecot-core's triggers -- Apollon Oikonomopoulos <email address hidden> Tue, 27 Mar 2018 20:52:14 +0300
Superseded in experimental-release |
dovecot (1:2.3.0.1-2) experimental; urgency=medium * [f567eb4] Fix murmur3 hash on big-endian architectures, causing FTBFS. Thanks to Josef 'Jeff' Sipek. -- Apollon Oikonomopoulos <email address hidden> Tue, 27 Mar 2018 13:11:40 +0300
Superseded in experimental-release |
dovecot (1:2.3.0.1-1) experimental; urgency=medium * [e32a10f] New upstream stable series; see NEWS.Debian for more information * [64283fd] d/watch: bump upstream series to 2.3 * [a09dca8] Drop patches no longer needed - libnss_location.patch: NSS support removed upstream - systemd-service-fixes.patch: merged upstream - handle-sslv23-gracefully.patch: upstream refactored SSL support, no longer necessary * [3698015] Refresh remaining patches * [354998c] Update pigeonhole to 0.5.0.1 * [4a6dc2d] Set ssl_dh and ship RFC3526 4096-bit DH parameters * [ae700a0] Document breaking configuration changes in dovecot-core.NEWS * [0f4e6c4] New dovecot-submission package * [dc553a9] d/rules: let $(MOVE) auto-create destination directories * [3b8b56e] Do not rely on dh_installdirs for directories populated via $(MOVE) -- Apollon Oikonomopoulos <email address hidden> Sat, 24 Mar 2018 22:25:51 +0200
dovecot (1:2.2.35-2) unstable; urgency=medium * [7665652] Use git-subtree to generate pigeonhole patch from git; add single-debian-patch to d/source/local-options * [bfa0f10] d/rules: specify libdir manually; previous upload moved modules under /usr/lib/<triplet>, which was bound to break existing setups * [982e826] d/copyright: adjust pigeonhole path and bump years -- Apollon Oikonomopoulos <email address hidden> Thu, 22 Mar 2018 16:56:40 +0200
Superseded in sid-release |
dovecot (1:2.2.35-1) unstable; urgency=medium * [8108cba] New upstream version 2.2.35 * [6cbbaa1] Update pigeonhole to 0.4.23 (Closes: #892137) * [ef40625] d/rules: call configure via dh_auto_configure. Thanks to Helmut Grohne (Closes: #885854) * [a459455] Drop B-D on libcurl4-gnutls-dev; removed upstream since 2.2 * [235af9d] Update upstream signing key -- Apollon Oikonomopoulos <email address hidden> Tue, 20 Mar 2018 11:15:42 +0200
Superseded in stretch-release |
dovecot (1:2.2.27-3+deb9u2) stretch-security; urgency=high * [794e743] Fix CVE-2017-14461: rfc822_parse_domain information leak vulnerability (Closes: #891819) * [530ca6d] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and can be used for DoS (Closes: #891820) + Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also disable dovecot_name.patch, since it changes dovecot's banner in conjunction with dh_autoreconf. * [68c2156] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes: #888432) -- Apollon Oikonomopoulos <email address hidden> Thu, 01 Mar 2018 15:15:45 +0200
dovecot (1:2.2.34-2) unstable; urgency=high * [868dc65] Update pigeonhole to 0.4.22 * Set urgency to high due to the security fixes in 2.2.34-1 -- Apollon Oikonomopoulos <email address hidden> Fri, 02 Mar 2018 18:36:23 +0200
Superseded in sid-release |
dovecot (1:2.2.34-1) unstable; urgency=medium * [f53dc9a] New upstream version 2.2.34 Fixes the following security issues: + CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage (Closes: #891820) + CVE-2017-14461: rfc822_parse_domain information leak vulnerability (Closes: #891819) + CVE-2017-15132: auth client leaks memory if SASL authentication is aborted (Closes: #888432) * [0dc98c6] Do not patch all-settings.c; regenerate it at build time instead. Thanks to Aki Tuomi! * [e678e3b] Bump dh compat to 11 + B-D on debhelper (>= 11~) + Use dh_installsystemd instead of dh_systemd_enable * [271b290] Bump Standards-Version to 4.1.3; no changes needed * [3cd6715] d/copyright: bump upstream and debian years * [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the initscript handle it if it exists) * [97d6fae] d/watch: switch upstream URL to https:// -- Apollon Oikonomopoulos <email address hidden> Thu, 01 Mar 2018 10:55:49 +0200
dovecot (1:2.2.33.2-1) unstable; urgency=medium * [8216f38] New upstream version 2.2.33.2 -- Apollon Oikonomopoulos <email address hidden> Sat, 11 Nov 2017 20:59:43 +0200
Superseded in sid-release |
dovecot (1:2.2.33.1-1) unstable; urgency=medium * [dbd1132] New upstream version 2.2.33.1 + [b3d1f2d] Refresh split-protocols.patch + [e0de123] Update pigeonhole to 0.4.21 * [ef6a1eb] Set mail_privileged_group to 'mail' by default (Closes: #711856) * [aeb6cf3] d/copyright: convert to Format 1.0 * [5961f9d] Use dh-autoreconf for both, dovecot and pigeonhole. * [85f1f0f] Bump Standards to 4.1.1; no changes needed -- Apollon Oikonomopoulos <email address hidden> Fri, 13 Oct 2017 16:28:14 +0300
dovecot (1:2.2.32-2) unstable; urgency=medium * [fa71c69] dovecot-core.postinst: remove dovecot-common's postrm (Closes: #696382) * [e835c67] Ship decode2text.sh as an example (Closes: #767313) * [63fb486] Deprecate dovecot-dbg in favor of auto dbgsyms * [36b44b9] Handle unsupported SSLv2/SSLv3 in the ssl_protocols setting gracefully (Closes: #866752) -- Apollon Oikonomopoulos <email address hidden> Tue, 19 Sep 2017 16:59:38 +0300
Superseded in sid-release |
dovecot (1:2.2.32-1) unstable; urgency=medium * [6652d9c] New upstream version 2.2.32. * [c9cb096] Update pigeonhole to 0.4.20. * [b499950] dovecot-core: remove SSL key/cert symlinks on purge (Closes: #867157) * [dbdcc66] dovecot-core.postinst: ignore adduser errors (Closes: #867849) * [476c950] Bump Standards to 4.1.0; no changes needed. * [2914efa] Drop B-D on autotools-dev, it is depended on by debhelper 10. * [305d022] Remove Fabio, Joel and Marco from Uploaders. Thanks for your work! -- Apollon Oikonomopoulos <email address hidden> Tue, 12 Sep 2017 16:15:52 +0300
Superseded in stretch-release |
dovecot (1:2.2.27-3+deb9u1) stretch; urgency=medium * [8b8226f] Fix fts-solr: escape {} chars when sending queries (Closes: #865945) * [a97cdab] Add basic usage DEP-8 tests, performing end-to-end testing using LDA, IMAP and POP3. -- Apollon Oikonomopoulos <email address hidden> Fri, 30 Jun 2017 22:01:28 +0300
dovecot (1:2.2.31-1) unstable; urgency=medium * [9b058f3] New upstream version 2.2.31 + [2b577c1] Bump pigeonhole version to 0.4.19 * Enable TLS by default: + [7ca4b1c] Update SSL cert location patch; cert/key should reside under /etc/dovecot/private by default. + [05d3d0f] Use ssl-cert-snakeoil certificates to setup SSL by default (Closes: #376146, #786570) + [862901f] dovecot-core.postinst: manage 10-ssl.conf using ucf (Closes: #850538) + [418df05] README.Debian: document the new TLS setup + [47bade9] dovecot-core.NEWS: document TLS support * [8356bc0] Handle /etc/dovecot/private mode using dpkg-statoverride * dovecot-core.postinst: cleanup + [afbd33f] dovecot-core.postinst: always call adduser + [ee22dc5] dovecot-core.postinst: remove obsolete conffile handling + [7bb298b] dovecot-core.postinst: do not remove the imapd user/group * [815a2d1] README.Debian: cleanup * [91115a3] Use noawait dpkg triggers (lintian warning) * [e845cec] Add basic usage DEP-8 test, doing end-to-end tests involving LDA, IMAP and POP3. * [71c73ef] systemd: convert service to Type=simple and start after network-online.target (Closes: #865546, #825562) * [1534fac] dovecot.service: enable ProtectSystem=full * [d276c69] B-D only on default-libmysqlclient-dev -- Apollon Oikonomopoulos <email address hidden> Tue, 27 Jun 2017 18:18:12 +0300
Superseded in sid-release |
dovecot (1:2.2.30.2-1) unstable; urgency=medium * [401e83d] New upstream version 2.2.30.2 * [1ea8321] Bump pigeonhole version to 0.4.18 * [97bf8ec] Drop CVE-2017-2669 patch * [9c1bbe2] Drop fix-sha3-on-big-endian.patch * [d3c607b] Refresh dovecot_name.patch * [5c64268] Bump Standards to 4.0.0; no changes needed * [0b884fc] Bump compat to 10 + B-D on debhelper (>= 10) + Drop B-D on dh-systemd, now provided by debhelper + Run dh --without=autoreconf, since we use autotools-dev -- Apollon Oikonomopoulos <email address hidden> Thu, 22 Jun 2017 22:22:59 +0300
Superseded in jessie-release |
dovecot (1:2.2.13-12~deb8u3) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Revert "auth: Do not double-expand key in passdb dict when authenticating (CVE-2017-2669)" This reverts the applied patch which resulted in no longer interpreting placeholders in the keys even once with dict-based userdb or passdb. The actual vulnerability was introduced later with "auth-db-dict: Allow key name expansion" in 2.2.26. Thanks to Nick Thomas <email address hidden> and Aki Tuomi <email address hidden> -- Salvatore Bonaccorso <email address hidden> Tue, 11 Apr 2017 09:25:59 +0200
dovecot (1:2.2.27-3) unstable; urgency=high * [117285a] Remove /etc/dovecot/README (Closes: #849290) * [04e8ce3] auth: Do not double-expand key in passdb dict when authenticating (CVE-2017-2669) (Closes: #860049) -- Apollon Oikonomopoulos <email address hidden> Tue, 11 Apr 2017 00:46:54 +0300
dovecot (1:2.2.27-2) unstable; urgency=medium * [30586e3] Fix SHA3 on big-endian architectures. -- Apollon Oikonomopoulos <email address hidden> Thu, 15 Dec 2016 22:24:56 +0200
Superseded in sid-release |
dovecot (1:2.2.27-1) unstable; urgency=medium [ Jaldhar H. Vyas ] * [b1e4693] Imported Upstream version 2.2.27 + Includes fix for CVE-2016-8652 (Closes: #846605) [ Apollon Oikonomopoulos ] * [b25993a] Drop patches merged upstream: + call_openssl_cleanup_at_deinit.patch + disable_sslv23.patch -- Apollon Oikonomopoulos <email address hidden> Wed, 14 Dec 2016 21:48:46 +0200
dovecot (1:2.2.26.0-4) unstable; urgency=medium * [3015f35] Drop references to SSLv2 in the default SSL protocols (Closes: #844271) -- Apollon Oikonomopoulos <email address hidden> Mon, 14 Nov 2016 17:55:26 +0200
Superseded in sid-release |
dovecot (1:2.2.26.0-3) unstable; urgency=medium * [b03027b] Call OPENSSL_cleanup() on dcrypt_openssl unload. Fixes FTBFS with OpenSSL 1.1.0c. -- Apollon Oikonomopoulos <email address hidden> Sun, 13 Nov 2016 10:56:30 +0200
Superseded in sid-release |
dovecot (1:2.2.26.0-2) unstable; urgency=medium * [9db7d1b] Fix upgrades from 2.2.25 (Closes: #843028) -- Apollon Oikonomopoulos <email address hidden> Tue, 08 Nov 2016 15:06:16 +0200
Superseded in sid-release |
dovecot (1:2.2.26.0-1) unstable; urgency=medium [ Apollon Oikonomopoulos ] * [18fc181] New upstream version 2.2.26.0 (Closes: #828286, #834837) * [3ecfd3c] Update pigeonhole to 0.4.16 * [61ff825] Move libdovecot-ldap and libdict_ldap to dovecot-ldap (Closes: #830135). * [b3a1650] Ubuntu: disable -Bsymbolic-functions ld flag. Thanks to Christian Ehrhardt <email address hidden> (Closes: #842151) (LP: #1636781) * [5828ab1] B-D on default-libmysqlclient-dev (but keep plain libmysqlclient-dev as an alternative to ease backports). * [0086110] Drop DRAC plugin. Thanks to Christian Ehrhardt <email address hidden> (Closes: #842153) [ Jaldhar H. Vyas ] * [60808eb] Move aclocal *.m4 files into -dev package. * [52fd869] Move lib95_imap_sieve_plugin.so into dovecot-sieve (Closes: #832046). -- Apollon Oikonomopoulos <email address hidden> Thu, 07 Jul 2016 10:17:58 +0200
dovecot (1:2.2.25-1) unstable; urgency=medium * [cc29a81] Imported Upstream version 2.2.25 * [d19bcca] Updated pigeonhole patch to 0.4.14 * [16db179] Merged in some features of the Ubuntu dovecot package. + dovecot-core: added lsb-base dependency. + dovecot-core: Added apport hook. + dovecot-imapd,dovecot-pop3d: Added ufw profiles. Thanks to Christian Erhardt <email address hidden> (Closes: #828864) -- Jaldhar H. Vyas <email address hidden> Fri, 01 Jul 2016 17:07:03 -0400
dovecot (1:2.2.24-1) unstable; urgency=medium * [26020b6] Imported Upstream version 2.2.24 (Closes: #818652) -- Apollon Oikonomopoulos <email address hidden> Mon, 09 May 2016 10:42:08 +0300
dovecot (1:2.2.23-1) unstable; urgency=medium [ Jaldhar H. Vyas ] * Drop missing-expunges.patch, merged upstream [ Apollon Oikonomopoulos ] * [8a01915] Imported Upstream version 2.2.23 -- Apollon Oikonomopoulos <email address hidden> Tue, 12 Apr 2016 17:30:03 +0300
dovecot (1:2.2.22-1) unstable; urgency=medium [ Jaldhar H. Vyas ] * [2321581] Imported Upstream version 2.2.22 * [3fa8a62] Updated pigeonhole patch to 0.4.13 -- Jaldhar H. Vyas <email address hidden> Fri, 18 Mar 2016 19:18:34 -0400
dovecot (1:2.2.21-1) unstable; urgency=medium [ Jaldhar H. Vyas ] * [d9c0630] Imported Upstream version 2.2.21 (Closes: #809666, #708539, #801346, 803223) * [5360548] Updated pigeonhole patch to 0.4.12 * [5e6783f] Fixed typo in dovecot-core.README.Debian. Thanks to Ingo Wichmann <email address hidden> (Closes: #809717) * [d00d0c7] Create /var/lib/dovecot in the package. (Closes: #801752) * [6510373] Upstream patch for sync problem which could cause expunged messages to keep reappearing. (Closes: #684499) * [040f7fa] dovecot-core: dovecot.socket not enabled on installation (Closes: #814999) * [fc29003] /etc/dovecot/10-ssl.conf no longer managed by ucf or modified by postinst. Thanks to Santiago Vila <email address hidden> (Closes: #773237) * [0d16e16] Fixed some lintian warnings. * [801ba7e] Added Apollon to uploaders [ Apollon Oikonomopoulos ] * [99ef3d8] Build with lz4 support (Closes: #784321) * [92f68aa] Fix nss userdb (Closes: #712764) * [41b9bde] Disable dovecot.socket in existing installations. * [49c5b97] d/rules: specify systemd unit dir manually (Closes: #720854) * [a377ccb] Convert to dh sequencer * [48af954] B-D on debhelper >= 9 * [591c315] Bump standards to 3.9.7; no changes needed * [ceb629e] Use dh_installinit --name * [ef8d8ac] d/rules: refactor file installation * [a899bcc] dovecot-core: use dh_installman * [6159e00] d/rules: build in parallel if requested * [51014e6] d/control: use HTTPS Vcs-* URLs * [b385cf5] dovecot-sieve: replace Conflicts with Breaks * [b4a9e68] Add basic DEP-8 tests * [7452649] Add DEP-8 tests for systemd support * [e5101aa] Re-enable PIE and bindnow * [5717808] Fix invoke-rc.d calls and never call init.d directly * [3504241] Drop debconf remains -- Jaldhar H. Vyas <email address hidden> Tue, 01 Mar 2016 19:31:42 -0500
Superseded in jessie-release |
dovecot (1:2.2.13-12~deb8u1) stable; urgency=high * [6e16721] Fix a mbox corruption problem by applying two patches from mercurial upstream. - fix-mbox-corruption-18534.patch (changeset 18534:94bd895721d8). - fix-mbox-corruption-18679.patch (changeset 18679:b6ea460e7cc4). Thanks to Santiago Vila <email address hidden> (Closes: 776094) -- Jaldhar H. Vyas <email address hidden> Sun, 31 May 2015 01:38:40 -0400
dovecot (1:2.2.18-2) unstable; urgency=high * [3f3bf71] Updated pigeonhole patch to 0.4.8 (Closes: #792669) -- Jaldhar H. Vyas <email address hidden> Sun, 23 Aug 2015 23:16:28 -0400
dovecot (1:2.2.18-1) unstable; urgency=medium * [cce20a5] Imported Upstream version 2.2.18. Closes: #786760 * [36d2ec1] Refresh patch dovecot_name.patch. * [109e6f8] Drop patch cve-2015-3420.patch: applied upstream. * [6c59f09] Depend on krb5-multidev rather than libkrb5-dev. -- Jelmer Vernooij <email address hidden> Sun, 24 May 2015 15:01:19 +0000
Superseded in sid-release |
dovecot (1:2.2.16-1) unstable; urgency=medium * [e9d9193] Imported Upstream version 2.2.16 * [976c256] Remove gbp- prefix from section names in debian/gbp.conf. * [762b9a6] Add Dutch translation. Thanks, Frans Spiesschaert. Closes: #766203 * [dea3dd6] Drop bye_logout_not_sent.patch: already included upstream. -- Jelmer Vernooij <email address hidden> Mon, 04 May 2015 12:23:05 +0000
Superseded in sid-release |
dovecot (1:2.2.13-12) unstable; urgency=high * [48f6fe4] Add patch cve-2015-3420.patch: Fix SSL/TLS handshake failures leading to a crash of the login process with newer versions of OpenSSL. Closes: #783649 (CVE-2015-3420) -- Jelmer Vernooij <email address hidden> Mon, 04 May 2015 11:38:30 +0000
dovecot (1:2.2.13-11) unstable; urgency=high * [ebc0377] Don't allow install of dovecot-sieve without a new enough dovecot-core. (Closes: #772885) -- Jaldhar H. Vyas <email address hidden> Sun, 14 Dec 2014 12:27:50 -0500
1 → 75 of 146 results | First • Previous • Next • Last |