* Merge with Debian unstable (LP: #1771816). Remaining changes:
- Add updated autopkgtest to debian/tests/* (these tests got simplified
and streamlined to use the packages default configuration which solves
LP: #1638865)
* Dropped Changes (now upstream)
- SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
- SECURITY UPDATE: TLS SNI config lookups DoS
- SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
* Dropped Changes (no more needed after 18.04)
- handle conffile removal of /etc/init/dovecot.conf (due to dropping
upstart).
* Dropped Changes (no more needed)
- Drop build dependency on libstemmer-dev (universe) - this is now in main
- Disable dovecot-lucene plugin as it had various issues and is deprecated
in favor of solr anyway (LP 1524526) - no more failing in Cosmic.
* Dropped Changes (mail-stack-delivery)
It was decided to no more carry mail-stack-delivery as a package in favor
to out-of-package solutions. It became less useful due to one of the
biggest benefit (auto-ssl setup) being part of the base setup now.
- Add mail-stack-delivery
- add package in d/rules, d/control
- add d/*mail-stack-delivery* maintainer scripts and default conf
- d/mail-stack-delivery.preinst: Move previously installed backups and
config files to a new package namespace.
- d/mail-stack-delivery.README.Debian clarified use of configuration files
- d/mail-stack-delivery.postinst: Use ssl key/cert paths now set up by
dovecot-core; transition for such configs formerly set up by
mail-stack-delivery to use the new default ssl config (if user had no
conffile change or choses new defaults).
- d/mail-stack-delivery.postinst: if moving dovecot to the new defaults on
upgrade, also move the related postfix key/cert entries.
- debian/99-mail-stack-delivery.conf: do not explicitly enable protocols
as all installed are auto-included from the base config now.
- adapt autopkgtests to match new version.
- d/control: for the ssl transition to work we need to ensure dovecot-core
is complete before upgrading mail-stack-delivery, so add a Pre-Depends.
- d/mail-stack-delivery.postinst: add SSL_CERT/SSL_KEY detection to
postconf section (was formerly initialized at the now dropped key setup)
- d/mail-stack-delivery.postinst: fix SSL_CERT/SSL_KEY detection to only
read non-comments from the right keywords and to strip common bad-chars
- d/mail-stack-delivery.postinst: stop modifying mandatory tls config,
recent upstream has sane defaults now
- debian/99-mail-stack-delivery.conf: drop explicit ssl_cipher_list,
recent upstream has sane defaults now
* Added Changes:
- carry mail-stack-delivery as empty transitional package
(can be dropped >20.04)
dovecot (1:2.2.35-2) unstable; urgency=medium
* [7665652] Use git-subtree to generate pigeonhole patch from git; add
single-debian-patch to d/source/local-options
* [bfa0f10] d/rules: specify libdir manually; previous upload moved modules
under /usr/lib/<triplet>, which was bound to break existing setups
* [982e826] d/copyright: adjust pigeonhole path and bump years
dovecot (1:2.2.35-1) unstable; urgency=medium
* [8108cba] New upstream version 2.2.35
* [6cbbaa1] Update pigeonhole to 0.4.23 (Closes: #892137)
* [9ace5f2] Switch Vcs-* URLs to salsa.d.o
* [ef40625] d/rules: call configure via dh_auto_configure.
Thanks to Helmut Grohne (Closes: #885854)
* [a459455] Drop B-D on libcurl4-gnutls-dev; removed upstream since 2.2
* [235af9d] Update upstream signing key
dovecot (1:2.2.34-2) unstable; urgency=high
* [868dc65] Update pigeonhole to 0.4.22
* Set urgency to high due to the security fixes in 2.2.34-1
dovecot (1:2.2.34-1) unstable; urgency=medium
* [f53dc9a] New upstream version 2.2.34
Fixes the following security issues:
+ CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
usage (Closes: #891820)
+ CVE-2017-14461: rfc822_parse_domain information leak vulnerability
(Closes: #891819)
+ CVE-2017-15132: auth client leaks memory if SASL authentication is
aborted (Closes: #888432)
* [0dc98c6] Do not patch all-settings.c; regenerate it at build time
instead. Thanks to Aki Tuomi!
* [e678e3b] Bump dh compat to 11
+ B-D on debhelper (>= 11~)
+ Use dh_installsystemd instead of dh_systemd_enable
* [271b290] Bump Standards-Version to 4.1.3; no changes needed
* [3cd6715] d/copyright: bump upstream and debian years
* [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the
initscript handle it if it exists)
* [97d6fae] d/watch: switch upstream URL to https://
-- Christian Ehrhardt <email address hidden> Wed, 16 May 2018 14:40:19 +0200
This bug was fixed in the package dovecot - 1:2.2.35-2ubuntu1
---------------
dovecot (1:2.2.35-2ubuntu1) cosmic; urgency=medium
* Merge with Debian unstable (LP: #1771816). Remaining changes: dovecot. conf (due to dropping delivery) stack-delivery* maintainer scripts and default conf stack-delivery. preinst: Move previously installed backups and stack-delivery. README. Debian clarified use of configuration files stack-delivery. postinst: Use ssl key/cert paths now set up by stack-delivery to use the new default ssl config (if user had no stack-delivery. postinst: if moving dovecot to the new defaults on 99-mail- stack-delivery. conf: do not explicitly enable protocols delivery, so add a Pre-Depends. stack-delivery. postinst: add SSL_CERT/SSL_KEY detection to stack-delivery. postinst: fix SSL_CERT/SSL_KEY detection to only stack-delivery. postinst: stop modifying mandatory tls config, 99-mail- stack-delivery. conf: drop explicit ssl_cipher_list,
- Add updated autopkgtest to debian/tests/* (these tests got simplified
and streamlined to use the packages default configuration which solves
LP: #1638865)
* Dropped Changes (now upstream)
- SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
- SECURITY UPDATE: TLS SNI config lookups DoS
- SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
* Dropped Changes (no more needed after 18.04)
- handle conffile removal of /etc/init/
upstart).
* Dropped Changes (no more needed)
- Drop build dependency on libstemmer-dev (universe) - this is now in main
- Disable dovecot-lucene plugin as it had various issues and is deprecated
in favor of solr anyway (LP 1524526) - no more failing in Cosmic.
* Dropped Changes (mail-stack-
It was decided to no more carry mail-stack-delivery as a package in favor
to out-of-package solutions. It became less useful due to one of the
biggest benefit (auto-ssl setup) being part of the base setup now.
- Add mail-stack-delivery
- add package in d/rules, d/control
- add d/*mail-
- d/mail-
config files to a new package namespace.
- d/mail-
- d/mail-
dovecot-core; transition for such configs formerly set up by
mail-
conffile change or choses new defaults).
- d/mail-
upgrade, also move the related postfix key/cert entries.
- debian/
as all installed are auto-included from the base config now.
- adapt autopkgtests to match new version.
- d/control: for the ssl transition to work we need to ensure dovecot-core
is complete before upgrading mail-stack-
- d/mail-
postconf section (was formerly initialized at the now dropped key setup)
- d/mail-
read non-comments from the right keywords and to strip common bad-chars
- d/mail-
recent upstream has sane defaults now
- debian/
recent upstream has sane defaults now
* Added Changes:
- carry mail-stack-delivery as empty transitional package
(can be dropped >20.04)
dovecot (1:2.2.35-2) unstable; urgency=medium
* [7665652] Use git-subtree to generate pigeonhole patch from git; add debian- patch to d/source/ local-options
single-
* [bfa0f10] d/rules: specify libdir manually; previous upload moved modules
under /usr/lib/<triplet>, which was bound to break existing setups
* [982e826] d/copyright: adjust pigeonhole path and bump years
dovecot (1:2.2.35-1) unstable; urgency=medium
* [8108cba] New upstream version 2.2.35 gnutls- dev; removed upstream since 2.2
* [6cbbaa1] Update pigeonhole to 0.4.23 (Closes: #892137)
* [9ace5f2] Switch Vcs-* URLs to salsa.d.o
* [ef40625] d/rules: call configure via dh_auto_configure.
Thanks to Helmut Grohne (Closes: #885854)
* [a459455] Drop B-D on libcurl4-
* [235af9d] Update upstream signing key
dovecot (1:2.2.34-2) unstable; urgency=high
* [868dc65] Update pigeonhole to 0.4.22
* Set urgency to high due to the security fixes in 2.2.34-1
dovecot (1:2.2.34-1) unstable; urgency=medium
* [f53dc9a] New upstream version 2.2.34 dovecot (but let the
Fixes the following security issues:
+ CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
usage (Closes: #891820)
+ CVE-2017-14461: rfc822_parse_domain information leak vulnerability
(Closes: #891819)
+ CVE-2017-15132: auth client leaks memory if SASL authentication is
aborted (Closes: #888432)
* [0dc98c6] Do not patch all-settings.c; regenerate it at build time
instead. Thanks to Aki Tuomi!
* [e678e3b] Bump dh compat to 11
+ B-D on debhelper (>= 11~)
+ Use dh_installsystemd instead of dh_systemd_enable
* [271b290] Bump Standards-Version to 4.1.3; no changes needed
* [3cd6715] d/copyright: bump upstream and debian years
* [380d1ac] Drop the ENABLED flag from /etc/default/
initscript handle it if it exists)
* [97d6fae] d/watch: switch upstream URL to https://
-- Christian Ehrhardt <email address hidden> Wed, 16 May 2018 14:40:19 +0200