From: Raspbian automatic forward porter Date: Sat, 18 Apr 2026 18:33:52 +0000 (+0100) Subject: Merge version 1:2.4.2+dfsg1-3+rpi1 and 1:2.4.3+dfsg1-2 to produce 1:2.4.3+dfsg1-2... X-Git-Tag: archive/raspbian/1%2.4.3+dfsg1-2+rpi1^0 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/%22mailto:tmurad%40gmail.com//%22mailto:i18n-csb%40linuxcsb.org/%22/%22http:/www.example.com/%22mailto:tmurad%40gmail.com/%22mailto:i18n-csb%40linuxcsb.org/%22?a=commitdiff_plain;h=52e2ba6ed9ce52dcac759fec94c49e091b2b05a3;p=dovecot.git Merge version 1:2.4.2+dfsg1-3+rpi1 and 1:2.4.3+dfsg1-2 to produce 1:2.4.3+dfsg1-2+rpi1 --- 52e2ba6ed9ce52dcac759fec94c49e091b2b05a3 diff --cc debian/changelog index 2a83469,3380e75..a57cdfa --- a/debian/changelog +++ b/debian/changelog @@@ -1,9 -1,70 +1,77 @@@ - dovecot (1:2.4.2+dfsg1-3+rpi1) forky-staging; urgency=medium ++dovecot (1:2.4.3+dfsg1-2+rpi1) forky-staging; urgency=medium + + [changes brought forward from 1:2.3.21+dfsg1-3+rpi1 by Peter Michael Green at Thu, 20 Jun 2024 17:16:27 +0000] + * Disablte testsuite. + - -- Raspbian forward porter Sun, 08 Feb 2026 14:26:07 +0000 ++ -- Raspbian forward porter Sat, 18 Apr 2026 18:33:51 +0000 ++ + dovecot (1:2.4.3+dfsg1-2) unstable; urgency=medium + + * [2e35d07] autopkgtests: Add managesieved authentication test + * [226112b] Remove generated settings-history-pigeonhole.h on clean + * [dd36c64] ci: replace obsolete build-package-twice test + * [d6da850] use an alternate temporary directory in the test suite + (Closes: #1133346) + * [80afe14] ci: disable the validate-package-clean-up check + * [c9e076a] drop stale lintian overrides + + -- Noah Meyerhans Tue, 14 Apr 2026 15:36:12 -0400 + + dovecot (1:2.4.3+dfsg1-1) unstable; urgency=medium + + [ Max Nikulin ] + * [ea2f6e5] conf.d/10-mail.conf: Fix broken link to mbox.html + * [6e8d7c5] dovecot-core.README.Debian: fix docs URL + + [ Christian Kastner ] + * [a46c892] auth_mechanisms: 'login' no longer part of default + + [ Christian Göttsche ] + * [86f1990] d/control: fix indentation + * [81e373f] d/dovecot-core.bug-control: add missing binary packages + * [ebb77bf] d/dovecot-core.postrm: restart to reload modules + * [6774c19] d/dovecot-flatcurve.postinst: fix copy+paste mistake + * [94bb48d] d/rules: use find ... -delete instead of rm + * [540e3f1] d/dovecot*.postinst: remove dead code + + [ Noah Meyerhans ] + * [4ec7e67] New upstream version 2.4.3+dfsg1 resolves multiple security + issues: + - CVE-2025-59028: Invalid base64 authentication can cause DoS for + other logins. + and read unintended files during indexing. Fixed by dropping the + script. + - CVE-2026-24031: SQL injection possible if auth_username_chars is + configured empty. Fixed escaping to always happen. v2.4 regression. + - CVE-2026-27859: Excessive RFC 2231 MIME parameters in email would cause + excessive CPU usage. Fixed by limiting number of parameters to process. + - CVE-2026-27860: LDAP query injection possible if auth_username_chars + is configured empty. Fixed escaping to always happen. v2.4 + regression. + - CVE-2026-27857: Sending excessive parenthesis causes imap-login to + use excessive memory. + - CVE-2026-27856: Doveadm credentials were not checked using + timing-safe checking function. + - CVE-2026-27855: OTP driver vulnerable to replay attack. + * [83a079c] Refresh or drop patches + * [6ccfe01] Stop installing decode2text.sh per CVE-2025-59031 + * [44f9918] transfer ownership of conf.d/90-fts-flatcurve.conf to the + right package + * [4dc8772] Add python3 to build-depends for src/lib-settings + * [deae63d] autopkgtest: store hashed rather than plaintext passwords in + passdbs + * [edc5e6a] add dovecot-ldap autopkgtests + + -- Noah Meyerhans Fri, 03 Apr 2026 14:36:36 -0400 + + dovecot (1:2.4.2+dfsg1-4) unstable; urgency=medium + + * [e8f1499] Drop stale build-dependency on libdb-dev (Closes: #1119173) + * [86b8fb2] lib: Preserve errno in our malloc() and free() wrappers + (Closes: #1128400) + * [99e1cd6] backport upstream fix for crash in trash plugin (Closes: #1127029) + + -- Noah Meyerhans Wed, 04 Mar 2026 20:08:14 -0500 dovecot (1:2.4.2+dfsg1-3) unstable; urgency=medium