summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Aki Tuomi [Fri, 9 Jan 2026 11:31:42 +0000 (13:31 +0200)]
[PATCH] trash: Use mailbox event in trash_try_mailbox() for settings
From
06af53902479572fc96f04b4372fdabb9d01996b Mon Sep 17 00:00:00 2001
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=
1127029
Gbp-Pq: Name 0001-trash-Use-mailbox-event-in-trash_try_mailbox-for-set.patch
Timo Sirainen [Thu, 6 Nov 2025 12:52:37 +0000 (14:52 +0200)]
[PATCH] auth: ldap - Fix crash if users are iterated, but userdb_ldap_iterate_fields is not set
From
576a2f52bff4c13971d9e6d1172857a4f18ddd14 Mon Sep 17 00:00:00 2001
Bug-Debian: https://bugs.debian.org/
1121000
Bug-Debian: https://bugs.debian.org/
1121000
Gbp-Pq: Name bug1121000_dovecot-ldap_Crash_if_iterate_filter_is_set_but_iterate_fields_is_not_set.patch
Alexander Gerasiov [Tue, 23 Sep 2025 10:50:43 +0000 (13:50 +0300)]
[PATCH] lib-sieve/sieve-script.c: sieve_script_create_common: Correctly handle errors.
Fixes null pointer deref (e.g. in case of absent file).
Gbp-Pq: Name lib-sieve_sieve-script_c_sieve_script_create_common_Correctly_handle_errors.patch
Timo Sirainen [Thu, 15 May 2025 10:06:56 +0000 (13:06 +0300)]
[PATCH] auth: Terminate properly auth_oauth2_post_setting_defines list
Fixes:
Error: xoauth2: oauth2 failed: Local validation failed: auth_oauth2_fields settings: Failed to parse configuration: settings struct auth_oauth2_fields #1 key mismatch
Gbp-Pq: Name auth__Terminate_properly_auth_oauth2_post_setting_defines.patch
Aki Tuomi [Fri, 25 Jul 2025 05:16:52 +0000 (08:16 +0300)]
[PATCH] auth: Use AUTH_CACHE_KEY_USER instead of per-database constants
Fixes cache key issue where users would end up overwriting
each other in cache due to cache key being essentially static
string because we no longer support %u.
Forgotten in
2e298e7ee98b6df61cf85117f000290d60a473b8
Gbp-Pq: Name auth__Use_AUTH_CACHE_KEY_USER_instead_of_per-database.patch
Jakob Haufe [Sun, 25 May 2025 13:04:50 +0000 (15:04 +0200)]
[PATCH] Fix LDAP SASL auth support
961275fdb54878fdfa4ee1b9f1a4f00e82bf4a83 moved code without creating a
way to have HAVE_LDAP_SASL defined there.
Copy the preprocessor block from src/auth/db-ldap.c to fix this.
Gbp-Pq: Name bug1106784_Fix-LDAP-SASL-auth-support.patch
Noah Meyerhans [Tue, 31 Mar 2026 19:07:17 +0000 (15:07 -0400)]
Fix groff errors in upstream manpages
Forwarded: no
Last-Update: 2025-05-02
Last-Update: 2025-05-02
Gbp-Pq: Name fix-man-errors.patch
Dovecot Maintainers [Tue, 31 Mar 2026 19:07:17 +0000 (15:07 -0400)]
Fix GSSAPI regression
Origin: https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/message/O54EAGLIXXHMOH7BQCCKHHB3Z32HDWVR/
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=
1104549
Last-Update: 2025-05-02
Dovecot 2.4 introduced a regression that broke GSSAPI authentication for
some clients. This patch contains a fix provided by the upstream maintainers.
Last-Update: 2025-05-02
Gbp-Pq: Name bug1104549-gssapi-regression.patch
Dovecot Maintainers [Tue, 31 Mar 2026 19:07:17 +0000 (15:07 -0400)]
fit-32-bit-test-integers
===================================================================
Gbp-Pq: Name fit-32-bit-test-integers.patch
Christian Göttsche [Thu, 22 Dec 2022 16:00:53 +0000 (17:00 +0100)]
Use _FORTIFY_SOURCE level 3
Forwarded: not-needed
Gbp-Pq: Name Use-_FORTIFY_SOURCE-level-3.patch
Timo Sirainen [Mon, 26 May 2025 06:45:56 +0000 (09:45 +0300)]
[PATCH] lda: Default mail_home=$HOME environment if not using userdb lookup
The previous code to do this was removed by
e57d5b9002f910c095ee5b55821395fcf1da016a
Gbp-Pq: Name 0002-lda-Default-mail_home-HOME-environment-if-not-using-.patch
Timo Sirainen [Mon, 26 May 2025 06:37:35 +0000 (09:37 +0300)]
[PATCH] lda: Fix using USER environment if -d hasn't been specified
This became broken at some point.
Gbp-Pq: Name 0001-lda-Fix-using-USER-environment-if-d-hasn-t-been-spec.patch
Noah Meyerhans [Fri, 22 May 2020 04:48:59 +0000 (21:48 -0700)]
Don't try to build doc/rfc subdir components
Forwarded: not-needed
Forwarded: not-needed
Gbp-Pq: Name skip-rfc-subdir.patch
Noah Meyerhans [Tue, 31 Mar 2026 19:07:17 +0000 (15:07 -0400)]
dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium
* [
bc29057] CVE-2025-59028: auth: Don't disconnect auth client when
invalid base64 SASL input is received
* [
fee7a9a] CVE-2025-59031: stop shipping the decode2text shell script
* [
9a4442e] CVE-2025-59032: managesieve-login: Fix crash when command
didn't finish on the first call
* [
2711b3e] CVE-2026-24031, CVE-2026-27860: auth: fix ldap and sql
injection
* [
d30f1c3] CVE-2026-27855: fix OTP authentication reply vulnerability
* [
e1b0ff7] CVE-2026-27856: doveadm: fix timing oracle attack
* [
b8a69bf] CVE-2026-27857: fix resource exhaustion DoS in NOOP command
parsing
* [
85dd068] CVE-2026-27858: fix pre-authentication managesieve memory
consumption issue
* [
880e332] CVE-2026-27859: fix uncontrolled resource allocation when
delivering specially crafted email messages
[dgit import unpatched dovecot 1:2.4.1+dfsg1-6+deb13u4]
Noah Meyerhans [Tue, 31 Mar 2026 19:07:17 +0000 (15:07 -0400)]
Import dovecot_2.4.1+dfsg1-6+deb13u4.debian.tar.xz
[dgit import tarball dovecot 1:2.4.1+dfsg1-6+deb13u4 dovecot_2.4.1+dfsg1-6+deb13u4.debian.tar.xz]
Noah Meyerhans [Sun, 30 Mar 2025 15:48:57 +0000 (11:48 -0400)]
Import dovecot_2.4.1+dfsg1.orig.tar.gz
[dgit import orig dovecot_2.4.1+dfsg1.orig.tar.gz]
Noah Meyerhans [Sun, 30 Mar 2025 15:48:57 +0000 (11:48 -0400)]
Import dovecot_2.4.1+dfsg1.orig-pigeonhole.tar.gz
[dgit import orig dovecot_2.4.1+dfsg1.orig-pigeonhole.tar.gz]
projects / dovecot.git / log