Change logs for dovecot source package in Trusty

  • dovecot (1:2.2.9-1ubuntu2.6) trusty-security; urgency=medium
    
      * SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
        - debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
          reading oversized fts header in src/plugins/fts/fts-api.c.
        - CVE-2019-7524
    
     -- Marc Deslauriers <email address hidden>  Fri, 29 Mar 2019 08:03:10 -0400
  • dovecot (1:2.2.9-1ubuntu2.5) trusty-security; urgency=medium
    
      * SECURITY UPDATE: incorrect client certificate validation
        - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
          username in src/auth/auth-request.c.
        - debian/patches/CVE-2019-3814-2.patch: fail authentication if
          certificate username was unexpectedly missing in
          src/auth/auth-request-handler.c.
        - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
          certificate in src/login-common/sasl-server.c.
        - CVE-2019-3814
    
     -- Marc Deslauriers <email address hidden>  Mon, 28 Jan 2019 08:53:54 -0500
  • dovecot (1:2.2.9-1ubuntu2.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
        - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
        - CVE-2017-14461
      * SECURITY UPDATE: TLS SNI config lookups DoS
        - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
        - CVE-2017-15130
    
     -- Marc Deslauriers <email address hidden>  Tue, 27 Feb 2018 09:31:36 -0500
  • dovecot (1:2.2.9-1ubuntu2.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
        - debian/patches/CVE-2017-15132.patch: fix memory leak in
          auth_client_request_abort() in src/lib-auth/auth-client-request.c.
        - debian/patches/CVE-2017-15132-additional.patch: remove request after
          abort in src/lib-auth/auth-client-request.c,
          src/lib-auth/auth-server-connection.c,
          src/lib-auth/auth-serser-connection.h.
        - CVE-2017-15132
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 31 Jan 2018 12:54:53 -0300
  • dovecot (1:2.2.9-1ubuntu2.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via SSL connection exhaustion
        - debian/patches/CVE-2014-3430.patch: properly close connections in
          src/login-common/client-common.c,
          src/login-common/ssl-proxy-openssl.c,
          src/login-common/ssl-proxy.h.
        - CVE-2014-3430
     -- Marc Deslauriers <email address hidden>   Wed, 14 May 2014 13:14:05 -0400
  • dovecot (1:2.2.9-1ubuntu2) trusty; urgency=medium
    
      * d/dovecot-core.config: Drop db_input for ssl-cert-exists; this message
        not actually an error, is documented in the README.Debian, and blocks
        automated upgrades (LP: #1278897).
     -- James Page <email address hidden>   Fri, 07 Mar 2014 12:42:58 +0000
  • dovecot (1:2.2.9-1ubuntu1) trusty; urgency=medium
    
      * Merge from Debian unstable, remaining changes:
        + Add mail-stack-delivery package:
          - Update d/rules
          - d/control: convert existing dovecot-postfix package to a dummy
            package and add new mail-stack-delivery package.
          - Update maintainer scripts.
          - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
          - d/mail-stack-delivery.preinst: Move previously installed backups and
            config files to a new package namespace.
          - d/mail-stack-delivery.prerm: Added to handle downgrades.
        + Use Snakeoil SSL certificates by default:
          - d/control: Depend on ssl-cert.
          - d/dovecot-core.postinst: Relax grep for SSL_* a bit.
        + Add autopkgtest to debian/tests/*.
        + Add ufw integration:
          - d/dovecot-core.ufw.profile: new ufw profile.
          - d/rules: install profile in dovecot-core.
          - d/control: dovecot-core - suggest ufw.
        + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
        + Add apport hook:
          - d/rules, d/source_dovecot.py
        + Add upstart job:
          - d/rules, d/dovecot-core.dovecot.upstart, d/control,
            d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
            d/dovecot-pop3d.{postinst, postrm, prerm}.
            d/mail-stack-deliver.postinst: Convert init script to upstart.
        + Use the autotools-dev dh addon to update config.guess/config.sub for
          arm64.
      * Dropped changes, included in Debian:
        - Update Dovecot name to reflect distribution in login greeting.
        - Update Drac plugin for >= 2.0.0 support.
      * d/control: Drop dovecot-postfix package as its no longer required.
    
    dovecot (1:2.2.9-1) unstable; urgency=low
    
      [ Jaldhar H. Vyas ]
      * [77468cf] Imported Upstream version 2.2.9
      * [43e08f3] Place dovenull user in its own group. (Closes: #725164)
      * [e1a3e9c] Handled the fact that dovecot-db.conf.ext is no longer used.
        (Closes: #728107, #730403)
    
      [Debconf translation updates]
      * Russian (Yuri Kozlov).  (Closes: #729106)
      * German (Chris Leick).  (Closes: #729358)
      * Danish (Joe Hansen).  (Closes: #729425)
      * French (Julien Patriarca).  (Closes: #729966)
      * Portuguese (Américo Monteiro).  (Closes: #730006)
      * Polish (Michał Kułach).  (Closes: #730061)
      * Italian (Beatrice Torracca).  (Closes: #730136)
      * Japanese (victory).  (Closes: #73017)
      * Swedish (Martin Bagge / brother).  (Closes: #730188)
      * Spanish; (Camaleón).  (Closes: #730354)
    
    dovecot (1:2.2.8-1) UNRELEASED; urgency=low
    
      * [6157a2b] New upstream version 2.2.8
    
    dovecot (1:2.2.5-1) experimental; urgency=low
    
      [ Micah Anderson ]
      * [a0035bf] New upstream version 2.2.5
      * [a053c49] Update pigeonhole patch to 0.4.1
      * [689cd67] refreshed patches
    
      [ Jaldhar H. Vyas ]
      * Caused bugs and then fixed them again.
    
    dovecot (1:2.1.17-2) unstable; urgency=low
    
      * [e8286e0] New version of drac patch taken from Ubuntu which works better
        with 2.x (Closes: #716764)
      * [23acb40] Add a patch from Ubuntu to report the distro name in the login
        banner why not.
      * [f8d566e] Don't need dovecot-common package anymore; get rid of it.
    
    dovecot (1:2.1.17-1) experimental; urgency=low
    
      [ Jaldhar H. Vyas ]
      * [fa0d6aa] Re-enable mbox write locking patch to comply with policy 11.6
        (Closes: #720502)
      * [38691fb] New upstream version (Closes: #719021)
      * [1361144] prompts in dovecot-core postinst debconfiscated.
      * IN MEMORIAM: Goldy the Goldfish (2000-2013)  You were a prince (or
        perhaps princess?) among fish and we shall all miss you dearly.
        May your karmas merit much punya in future lives.
    
    dovecot (1:2.1.16-1) experimental; urgency=low
    
      * [9741bd8] New Upstream version
      * [3476489] Updated pigeonhole patch to 0.3.5
      * [d4f236f] Removed some patches which are no longer required.
    
    dovecot (1:2.1.7-8) experimental; urgency=low
    
      * This version is not actually intended for upload.  It merely undoes
        some changes made for the the wheezy release.  Namely, the following
        features are back:
        - TCP Wrappers support
        - Hurd compatibility support
        - Triggers.
     -- James Page <email address hidden>   Wed, 08 Jan 2014 09:35:49 +0000
  • dovecot (1:2.1.7-7ubuntu3) saucy; urgency=low
    
      * Use the autotools-dev dh addon to update config.guess/config.sub for
        arm64.
     -- Colin Watson <email address hidden>   Thu, 10 Oct 2013 11:55:27 +0100