[ubuntu/jammy-proposed] dovecot 1:2.3.16+dfsg1-3ubuntu1 (Accepted)
Bryce Harrington
bryce at canonical.com
Tue Nov 30 00:30:15 UTC 2021
dovecot (1:2.3.16+dfsg1-3ubuntu1) jammy; urgency=medium
[ Bryce Harrington ]
* Merge with Debian unstable. (LP: #1946855)
Remaining changes:
- Package references hidden symbols during an LTO link. This needs further
investigation. Until then, disable LTO.
* Dropped:
- SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
+ debian/patches/CVE-2021-29157.patch: improve escaping in
src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
src/lib-oauth2/test-oauth2-jwt.c.
[Included in Debian 1:2.3.13+dfsg1-2]
- SECURITY UPDATE: plaintext command injection before STARTTLS
+ debian/patches/CVE-2021-33515.patch: properly handle command queue in
src/lib-smtp/smtp-server-cmd-starttls.c,
src/lib-smtp/smtp-server-connection.c.
[Included in Debian 1:2.3.13+dfsg1-2]
* d/rules: Disable Debian's recent enablement of LTO as well, as it
FTBFS when building with gcc 11.
(LP: #1951325)
[ Simon Chopin ]
* d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
with OpenSSL 3.0.
(LP: #1945763)
Date: Wed, 17 Nov 2021 13:46:08 -0800
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.16+dfsg1-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 17 Nov 2021 13:46:08 -0800
Source: dovecot
Built-For-Profiles: noudeb
Architecture: source
Version: 1:2.3.16+dfsg1-3ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bryce Harrington <bryce at canonical.com>
Launchpad-Bugs-Fixed: 1945763 1946855 1951325
Changes:
dovecot (1:2.3.16+dfsg1-3ubuntu1) jammy; urgency=medium
.
[ Bryce Harrington ]
* Merge with Debian unstable. (LP: #1946855)
Remaining changes:
- Package references hidden symbols during an LTO link. This needs further
investigation. Until then, disable LTO.
* Dropped:
- SECURITY UPDATE: incorrectly escapes kid and azp fields in JWT tokens
+ debian/patches/CVE-2021-29157.patch: improve escaping in
src/lib-dict-extra/dict-fs.c, src/lib-oauth2/oauth2-jwt.c,
src/lib-oauth2/test-oauth2-jwt.c.
[Included in Debian 1:2.3.13+dfsg1-2]
- SECURITY UPDATE: plaintext command injection before STARTTLS
+ debian/patches/CVE-2021-33515.patch: properly handle command queue in
src/lib-smtp/smtp-server-cmd-starttls.c,
src/lib-smtp/smtp-server-connection.c.
[Included in Debian 1:2.3.13+dfsg1-2]
* d/rules: Disable Debian's recent enablement of LTO as well, as it
FTBFS when building with gcc 11.
(LP: #1951325)
.
[ Simon Chopin ]
* d/p/OpenSSL3.patch: Workaround to fix EC key handling when building
with OpenSSL 3.0.
(LP: #1945763)
Checksums-Sha1:
837d25e77781d9208625ad611e99b15aab5fae39 3836 dovecot_2.3.16+dfsg1-3ubuntu1.dsc
00a378d9a12a0bbeafec9915f75344d8c26e9c9d 1626913 dovecot_2.3.16+dfsg1.orig-pigeonhole.tar.gz
b5c598ae8b9901bfabdf2c93271f57cde0bde73e 7650008 dovecot_2.3.16+dfsg1.orig.tar.gz
03866528523858d773ed05f0a1f106b61f93e9aa 67120 dovecot_2.3.16+dfsg1-3ubuntu1.debian.tar.xz
3c553707b4cba0c3a18b6e24c2d21b3ff1fffaa5 9043 dovecot_2.3.16+dfsg1-3ubuntu1_source.buildinfo
Checksums-Sha256:
5646eef331c45930a74de4ee00de5e5673335ce7d5d3bfa98ec9ca067b336685 3836 dovecot_2.3.16+dfsg1-3ubuntu1.dsc
0438a36c7aef41a9d12df1f2ca792ed5d18df3e23bc241e5a0f762cf4456eb6e 1626913 dovecot_2.3.16+dfsg1.orig-pigeonhole.tar.gz
03a71d53055bd9ec528d55e07afaf15c09dec9856cba734904bfd05acbc6cf12 7650008 dovecot_2.3.16+dfsg1.orig.tar.gz
9a6e50e954987a83f12e53f19a7fe6cfe85a377913921569d28eb320d7f319c2 67120 dovecot_2.3.16+dfsg1-3ubuntu1.debian.tar.xz
caeb1fa4b129f41c3788e2304aeeb569ad5afbedca6c6f98e45e34e575954c46 9043 dovecot_2.3.16+dfsg1-3ubuntu1_source.buildinfo
Files:
1789dfbe430c7ee457df39c10e672107 3836 mail optional dovecot_2.3.16+dfsg1-3ubuntu1.dsc
1f7633915873f64ffbe4642749a9990e 1626913 mail optional dovecot_2.3.16+dfsg1.orig-pigeonhole.tar.gz
946dc6a89db0d11d0061f0d4447263dc 7650008 mail optional dovecot_2.3.16+dfsg1.orig.tar.gz
8fefcb4d15da314b71b66a8136378677 67120 mail optional dovecot_2.3.16+dfsg1-3ubuntu1.debian.tar.xz
fb6191b3fb60e2ad006d35338f39a982 9043 mail optional dovecot_2.3.16+dfsg1-3ubuntu1_source.buildinfo
Original-Maintainer: Dovecot Maintainers <dovecot at packages.debian.org>
Vcs-Git: https://git.launchpad.net/~bryce/ubuntu/+source/dovecot
Vcs-Git-Commit: 4440c1547a55d11b39c6bc2e9455d16ce3af60ee
Vcs-Git-Ref: refs/heads/merge-v1e2.3.16adfsg1-3-jammy
More information about the jammy-changes
mailing list