Merge dovecot from Debian unstable for kinetic

Upstream: tbd
Debian: 1:2.3.18+dfsg1-1
Ubuntu: 1:2.3.16+dfsg1-3ubuntu3

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium

  [ Noah Meyerhans ]
  * [36966c8] New upstream version 2.3.18+dfsg1
  * [042bda4] Refresh patches for 1:2.3.18+dfsg1-1

 -- 'Noah Meyerhans' <email address hidden> Thu, 10 Feb 2022 20:05:50 +0000

dovecot (1:2.3.17.1+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [40b0010] New upstream version 2.3.17+dfsg1
  * [3c377e0] New upstream version 2.3.17.1+dfsg1
  * [e2f1ce2] d/patches: rebase and drop upstream applied ones
  * [533b7ad] d/control: bump to standards version 4.6.0 (no further changes)
  * [02ed6cf] debian: reduce Lintian issues
  * [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian
    warnings
  * [bcda7e4] d/control: build against Lua 5.4
  * [9eed0dd] d/control: enable libunwind support on available archs
  * [1990699] d/patches: cherry-pick memory leak commit
  * [426df46] d/patches: cherry-pick imapsieve fix
  * [e3d0747] d/patches: add patch for LTO by avoiding unaligned access
    (Closes: #997513)

 -- Noah Meyerhans <email address hidden> Tue, 14 Dec 2021 09:24:23 -0800

dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium

  * [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these
    architectures requires -funwind-tables, as with 32-bit arm.

 -- Noah Meyerhans <email address hidden> Thu, 16 Sep 2021 08:41:27 -0700

dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium

  [ Christian Göttsche ]
  * [e1e9ece] d/patches: rework backtrace test patch
  * [be404bf] d/patches: add big-endian patch

 -- Noah Meyerhans <email address hidden> Fri, 10 Sep 2021 16:10:50 -0700

dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [ff4a227] New upstream version 2.3.14+dfsg1
  * [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510)
  * [5e0c898] d/watch: adjust dversionmangle for dfsg suffix
  * [9ffb0f5] d/patches: update
  * [850e1d6] New upstream version 2.3.16+dfsg1
  * [7140b87] d/patches: rebase patches
  * [fb1b77e] d/rules: enable LTO
  * [ce7055d] d/control: add libsystemd-dev dependency
  * [db93263] d/copyright: drop unused section
  * [aeec1e8] d/rules: update how to set systemdsystemunitdir
  * [ebe9709] d/patches: resolve compiler warnings
  * [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1
  * [58a4078] d/patches: update 32bit warnings patch

  [ Noah Meyerhans ]
  * [f217c2e] Fix indexer crash
  * [b075317] Import upstream patch for indexer crash on client disconnect
  * [36e8740] drop debian/dovecot-core.maintscript

 -- Noah Meyerhans <email address hidden> Thu, 02 Sep 2021 13:22:16 -0700

dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high

  * Import upstream fixes for security issues (Closes: #990566):
    - CVE-2021-29157: Path traversal issue allowing an attacker with
      access to the local filesystem can trick OAuth2 authentication into
      using an HS256 validation key from an attacker-controlled location
    - CVE-2021-33515: Sensitive information could be redirected to an
      attacker-controlled address because of a STARTTLS command injection
      bug in the submission service

 -- Noah Meyerhans <email address hidden> Tue, 20 Jul 2021 08:05:19 -0700

dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [6829237] New upstream version 2.3.13 (Closes: #979363)
    - CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
    - CVE-2020-25275: MIME parsing crashes with particular messages

  * [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
  * [5956798] Rebase patches
  * [2cb63c3] Bump to standards version 4.5.1 (no further changes)
  * [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
  * [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc
    false-positives
  * [dde9c94] Handle removed configuration file in postinst

  [ Pino Toscano ]
  * [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
    (Closes: #951869)

  [ Helmut Grohne ]
  * [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)

### Old Ubuntu Delta ###

dovecot (1:2.3.16+dfsg1-3ubuntu2) jammy; urgency=medium

  * No-change rebuild for icu soname change.

 -- Matthias Klose <email address hidden> Wed, 09 Feb 2022 09:13:08 +0100

dovecot (1:2.3.16+dfsg1-3ubuntu1) jammy; urgency=medium

  [ Bryce Harrington ]
  * Merge with Debian unstable. (LP: #1946855)
    Remaining changes:
    - Package references hidden symbols during an LTO link. This needs further
      investigation. Until then, disable LTO.
  * Dropped:
    - SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
      + debian/patches/CVE-2021-29157.patch: improve escaping in
        src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
        src/lib-oauth2/test-oauth2-jwt.c.
      [Included in Debian 1:2.3.13+dfsg1-2]
    - SECURITY UPDATE: plaintext command injection before STARTTLS
      + debian/patches/CVE-2021-33515.patch: properly handle command queue in
        src/lib-smtp/smtp-server-cmd-starttls.c,
        src/lib-smtp/smtp-server-connection.c.
      [Included in Debian 1:2.3.13+dfsg1-2]
  * d/rules: Disable Debian's recent enablement of LTO as well, as it
    FTBFS when building with gcc 11.
    (LP: #1951325)

  [ Simon Chopin ]
  * d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
    with OpenSSL 3.0.
    (LP: #1945763)

 -- Bryce Harrington <email address hidden> Wed, 17 Nov 2021 13:46:08 -0800