openSUSE Build Service

buildservice-autocommit accepted request 757626 from

Lars Vogdt (lrupp) over 4 years ago (revision 60)

baserev update by copy to link target

Lars Vogdt (lrupp) accepted request 756989 from

Michael Ströder (stroeder) over 4 years ago (revision 59)

update to 2.3.9.2 with security fixes

buildservice-autocommit accepted request 748910 from

Factory Maintainer (factory-maintainer) over 4 years ago (revision 58)

baserev update by copy to link target

Marcus Rueckert (darix) accepted request 746586 from

Arjen de Korte (adkorte) over 4 years ago (revision 57)

- Disable Link Time Optimization (LTO) (boo#1156301)

buildservice-autocommit accepted request 738214 from

Илья Индиго (13ilya) over 4 years ago (revision 56)

baserev update by copy to link target

Marcus Rueckert (darix) accepted request 736329 from

Michael Ströder (stroeder) over 4 years ago (revision 55)

update to 2.3.8 and pigeonhole to 0.5.8

buildservice-autocommit accepted request 726988 from

Marcus Rueckert (darix) over 4 years ago (revision 54)

baserev update by copy to link target

Marcus Rueckert (darix) committed over 4 years ago (revision 53)

add bugnumbers

Marcus Rueckert (darix) committed over 4 years ago (revision 52)

- update to 2.3.7.2
  * CVE-2019-11500: IMAP protocol parser does not properly handle
    NUL byte when scanning data in quoted strings, leading to out
    of bounds heap memory writes. Found by Nick Roessler and Rafi
    Rubin.
- update pigeonhole to 0.5.7.2
  * CVE-2019-11500: ManageSieve protocol parser does not properly
    handle NUL byte when scanning data in quoted strings, leading
    to out of bounds heap memory writes. Found by Nick Roessler and
    Rafi Rubin.
- refreshed patches to apply cleanly again:
  dovecot-2.3.0-better_ssl_defaults.patch
  dovecot-2.3.0-dont_use_etc_ssl_certs.patch

buildservice-autocommit accepted request 718437 from

Илья Индиго (13ilya) almost 5 years ago (revision 51)

baserev update by copy to link target

Marcus Rueckert (darix) accepted request 718004 from

Michael Ströder (stroeder) almost 5 years ago (revision 50)

update to 2.3.7.1 and pigeonhole to 0.5.7.1

Lars Vogdt (lrupp) accepted request 704275 from

Peter Varkoly (varkoly) almost 5 years ago (revision 49)

- bsc#1134242 - upgrade from 42.3 to 15.1: dovecot shows Unknown
  protocol 'SSLv2'
  * remove !SSLv2 from existing ssl_protocols configuration
    during upgrade

buildservice-autocommit accepted request 699690 from

Marcus Rueckert (darix) about 5 years ago (revision 48)

baserev update by copy to link target

Marcus Rueckert (darix) committed about 5 years ago (revision 47)

- update pigeonhole to 0.5.6
  + sieve: Redirect loop prevention is sometimes ineffective.
    Improve existing loop detection by also recognizing the
    X-Sieve-Redirected-From header in incoming messages and
    dropping redirect actions when it points to the sending
    account. This header is already added by the redirect action,
    so this improvement only adds an additional use of this header.
  - sieve: Prevent execution of implicit keep upon temporary
    failure occurring at runtime.

Marcus Rueckert (darix) committed about 5 years ago (revision 46)

- update to 2.3.6: (boo#1133624 boo#1133625)
  * CVE-2019-11494: Submission-login crashed with signal 11 due to
    null pointer access when authentication was aborted by
    disconnecting.
  * CVE-2019-11499: Submission-login crashed when authentication
    was started over TLS secured channel and invalid authentication
    message was sent.
  * auth: Support password grant with passdb oauth2.
  + Use system default CAs for outbound TLS connections.
  + Simplify array handling with new helper macros.
  + fts_solr: Enable configuring batch_size and soft_commit features.
  - lmtp/submission: Fixed various bugs in XCLIENT handling,
    including a hang when XCLIENT commands were sent infinitely to
    the remote server.
  - lmtp/submission: Forwarded multi-line replies were erroneously
    sent as two replies to the client.
  - lib-smtp: client: Message was not guaranteed to contain CRLF
    consistently when CHUNKING was used.
  - fts_solr: Plugin was no longer compatible with Solr 7.
  - Make it possible to disable certificate checking without
    setting ssl_client_ca_* settings.
  - pop3c: SSL support was broken.
  - mysql: Closing connection twice lead to crash on some systems.
  - auth: Multiple oauth2 passdbs crashed auth process on deinit.
  - HTTP client connection errors infrequently triggered a
    segmentation fault when the connection was idle and not used
    for a particular client instance.
- drop https://github.com/dovecot/core/commit/3c5101ffd.patch

Marcus Rueckert (darix) committed about 5 years ago (revision 45)

- backport https://github.com/dovecot/core/commit/3c5101ffd.patch
  [PATCH] driver-mysql: Avoid double-closing MySQL connection

buildservice-autocommit accepted request 695556 from

Marcus Rueckert (darix) about 5 years ago (revision 44)

baserev update by copy to link target

Marcus Rueckert (darix) committed about 5 years ago (revision 43)

- update to 2.3.5.2 (boo#1132501)
  * CVE-2019-10691: Trying to login with 8bit username containing
    invalid UTF8 input causes auth process to crash if auth policy
    is enabled. This could be used rather easily to cause a DoS.
    Similar crash also happens during mail delivery when using
    invalid UTF8 in From or Subject header when OX push
    notification driver is used.
- update to 2.3.5.1 (boo#1130116)

buildservice-autocommit accepted request 689340 from

Marcus Rueckert (darix) about 5 years ago (revision 42)

baserev update by copy to link target

Marcus Rueckert (darix) committed about 5 years ago (revision 41)

- update to 2.3.5.1
  * CVE-2019-7524: Missing input buffer size validation leads into
    arbitrary buffer overflow when reading fts or pop3 uidl header
    from Dovecot index. Exploiting this requires direct write
    access to the index files.

Places

Revisions of dovecot23

Places