Merge dovecot from Debian unstable for kinetic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dovecot (Ubuntu) |
Fix Released
|
Undecided
|
Bryce Harrington |
Bug Description
Upstream: tbd
Debian: 1:2.3.18+dfsg1-1
Ubuntu: 1:2.3.16+
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium
[ Noah Meyerhans ]
* [36966c8] New upstream version 2.3.18+dfsg1
* [042bda4] Refresh patches for 1:2.3.18+dfsg1-1
-- 'Noah Meyerhans' <email address hidden> Thu, 10 Feb 2022 20:05:50 +0000
dovecot (1:2.3.
[ Christian Göttsche ]
* [40b0010] New upstream version 2.3.17+dfsg1
* [3c377e0] New upstream version 2.3.17.1+dfsg1
* [e2f1ce2] d/patches: rebase and drop upstream applied ones
* [533b7ad] d/control: bump to standards version 4.6.0 (no further changes)
* [02ed6cf] debian: reduce Lintian issues
* [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian
warnings
* [bcda7e4] d/control: build against Lua 5.4
* [9eed0dd] d/control: enable libunwind support on available archs
* [1990699] d/patches: cherry-pick memory leak commit
* [426df46] d/patches: cherry-pick imapsieve fix
* [e3d0747] d/patches: add patch for LTO by avoiding unaligned access
(Closes: #997513)
-- Noah Meyerhans <email address hidden> Tue, 14 Dec 2021 09:24:23 -0800
dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium
* [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these
architectures requires -funwind-tables, as with 32-bit arm.
-- Noah Meyerhans <email address hidden> Thu, 16 Sep 2021 08:41:27 -0700
dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium
[ Christian Göttsche ]
* [e1e9ece] d/patches: rework backtrace test patch
* [be404bf] d/patches: add big-endian patch
-- Noah Meyerhans <email address hidden> Fri, 10 Sep 2021 16:10:50 -0700
dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [ff4a227] New upstream version 2.3.14+dfsg1
* [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510)
* [5e0c898] d/watch: adjust dversionmangle for dfsg suffix
* [9ffb0f5] d/patches: update
* [850e1d6] New upstream version 2.3.16+dfsg1
* [7140b87] d/patches: rebase patches
* [fb1b77e] d/rules: enable LTO
* [ce7055d] d/control: add libsystemd-dev dependency
* [db93263] d/copyright: drop unused section
* [aeec1e8] d/rules: update how to set systemdsystemun
* [ebe9709] d/patches: resolve compiler warnings
* [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1
* [58a4078] d/patches: update 32bit warnings patch
[ Noah Meyerhans ]
* [f217c2e] Fix indexer crash
* [b075317] Import upstream patch for indexer crash on client disconnect
* [36e8740] drop debian/
-- Noah Meyerhans <email address hidden> Thu, 02 Sep 2021 13:22:16 -0700
dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high
* Import upstream fixes for security issues (Closes: #990566):
- CVE-2021-29157: Path traversal issue allowing an attacker with
access to the local filesystem can trick OAuth2 authentication into
using an HS256 validation key from an attacker-controlled location
- CVE-2021-33515: Sensitive information could be redirected to an
attacker-
bug in the submission service
-- Noah Meyerhans <email address hidden> Tue, 20 Jul 2021 08:05:19 -0700
dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [6829237] New upstream version 2.3.13 (Closes: #979363)
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2020-25275: MIME parsing crashes with particular messages
* [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
* [5956798] Rebase patches
* [2cb63c3] Bump to standards version 4.5.1 (no further changes)
* [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
* [6f33f3f] Ignore package-
false-positives
* [dde9c94] Handle removed configuration file in postinst
[ Pino Toscano ]
* [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
(Closes: #951869)
[ Helmut Grohne ]
* [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)
### Old Ubuntu Delta ###
dovecot (1:2.3.
* No-change rebuild for icu soname change.
-- Matthias Klose <email address hidden> Wed, 09 Feb 2022 09:13:08 +0100
dovecot (1:2.3.
[ Bryce Harrington ]
* Merge with Debian unstable. (LP: #1946855)
Remaining changes:
- Package references hidden symbols during an LTO link. This needs further
investiga
* Dropped:
- SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
+ debian/
[Included in Debian 1:2.3.13+dfsg1-2]
- SECURITY UPDATE: plaintext command injection before STARTTLS
+ debian/
[Included in Debian 1:2.3.13+dfsg1-2]
* d/rules: Disable Debian's recent enablement of LTO as well, as it
FTBFS when building with gcc 11.
(LP: #1951325)
[ Simon Chopin ]
* d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
with OpenSSL 3.0.
(LP: #1945763)
-- Bryce Harrington <email address hidden> Wed, 17 Nov 2021 13:46:08 -0800
Related branches
- git-ubuntu bot: Approve
- Sergio Durigan Junior (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 172 lines (+118/-3)3 files modifieddebian/changelog (+114/-0)
debian/control (+3/-2)
debian/rules (+1/-1)
Changed in dovecot (Ubuntu): | |
milestone: | none → ubuntu-22.07 |
Changed in dovecot (Ubuntu): | |
assignee: | nobody → Bryce Harrington (bryce) |
Changed in dovecot (Ubuntu): | |
status: | New → In Progress |
Changed in dovecot (Ubuntu): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package dovecot - 1:2.3.19. 1+dfsg1- 2ubuntu2
--------------- 19.1+dfsg1- 2ubuntu2) kinetic; urgency=medium
dovecot (1:2.3.
* d/control: Build against Lua 5.3 rather than 5.4 for kinetic
-- Bryce Harrington <email address hidden> Fri, 12 Aug 2022 01:08:37 +0000