[ Bryce Harrington ]
* Merge with Debian unstable. (LP: #1946855)
Remaining changes:
- Package references hidden symbols during an LTO link. This needs further
investigation. Until then, disable LTO.
* Dropped:
- SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
+ debian/patches/CVE-2021-29157.patch: improve escaping in src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c, src/lib-oauth2/test-oauth2-jwt.c.
[Included in Debian 1:2.3.13+dfsg1-2]
- SECURITY UPDATE: plaintext command injection before STARTTLS
+ debian/patches/CVE-2021-33515.patch: properly handle command queue in src/lib-smtp/smtp-server-cmd-starttls.c, src/lib-smtp/smtp-server-connection.c.
[Included in Debian 1:2.3.13+dfsg1-2]
* d/rules: Disable Debian's recent enablement of LTO as well, as it
FTBFS when building with gcc 11.
(LP: #1951325)
[ Simon Chopin ]
* d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
with OpenSSL 3.0.
(LP: #1945763)
This bug was fixed in the package dovecot - 1:2.3.16+ dfsg1-3ubuntu1
--------------- 16+dfsg1- 3ubuntu1) jammy; urgency=medium
dovecot (1:2.3.
[ Bryce Harrington ] tion. Until then, disable LTO. patches/ CVE-2021- 29157.patch: improve escaping in
src/lib- dict-extra/ dict-fs. c, src/lib- oauth2/ oauth2- jwt.c,
src/lib- oauth2/ test-oauth2- jwt.c. patches/ CVE-2021- 33515.patch: properly handle command queue in
src/lib- smtp/smtp- server- cmd-starttls. c,
src/lib- smtp/smtp- server- connection. c.
* Merge with Debian unstable. (LP: #1946855)
Remaining changes:
- Package references hidden symbols during an LTO link. This needs further
investiga
* Dropped:
- SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
+ debian/
[Included in Debian 1:2.3.13+dfsg1-2]
- SECURITY UPDATE: plaintext command injection before STARTTLS
+ debian/
[Included in Debian 1:2.3.13+dfsg1-2]
* d/rules: Disable Debian's recent enablement of LTO as well, as it
FTBFS when building with gcc 11.
(LP: #1951325)
[ Simon Chopin ]
* d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
with OpenSSL 3.0.
(LP: #1945763)
-- Bryce Harrington <email address hidden> Wed, 17 Nov 2021 13:46:08 -0800