[ubuntu/cosmic-proposed] dovecot 1:2.2.35-2ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Tue May 22 13:13:14 UTC 2018
dovecot (1:2.2.35-2ubuntu1) cosmic; urgency=medium
* Merge with Debian unstable (LP: #1771816). Remaining changes:
- Add updated autopkgtest to debian/tests/* (these tests got simplified
and streamlined to use the packages default configuration which solves
LP: #1638865)
* Dropped Changes (now upstream)
- SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
- SECURITY UPDATE: TLS SNI config lookups DoS
- SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
* Dropped Changes (no more needed after 18.04)
- handle conffile removal of /etc/init/dovecot.conf (due to dropping
upstart).
* Dropped Changes (no more needed)
- Drop build dependency on libstemmer-dev (universe) - this is now in main
- Disable dovecot-lucene plugin as it had various issues and is deprecated
in favor of solr anyway (LP 1524526) - no more failing in Cosmic.
* Dropped Changes (mail-stack-delivery)
It was decided to no more carry mail-stack-delivery as a package in favor
to out-of-package solutions. It became less useful due to one of the
biggest benefit (auto-ssl setup) being part of the base setup now.
- Add mail-stack-delivery
- add package in d/rules, d/control
- add d/*mail-stack-delivery* maintainer scripts and default conf
- d/mail-stack-delivery.preinst: Move previously installed backups and
config files to a new package namespace.
- d/mail-stack-delivery.README.Debian clarified use of configuration files
- d/mail-stack-delivery.postinst: Use ssl key/cert paths now set up by
dovecot-core; transition for such configs formerly set up by
mail-stack-delivery to use the new default ssl config (if user had no
conffile change or choses new defaults).
- d/mail-stack-delivery.postinst: if moving dovecot to the new defaults on
upgrade, also move the related postfix key/cert entries.
- debian/99-mail-stack-delivery.conf: do not explicitly enable protocols
as all installed are auto-included from the base config now.
- adapt autopkgtests to match new version.
- d/control: for the ssl transition to work we need to ensure dovecot-core
is complete before upgrading mail-stack-delivery, so add a Pre-Depends.
- d/mail-stack-delivery.postinst: add SSL_CERT/SSL_KEY detection to
postconf section (was formerly initialized at the now dropped key setup)
- d/mail-stack-delivery.postinst: fix SSL_CERT/SSL_KEY detection to only
read non-comments from the right keywords and to strip common bad-chars
- d/mail-stack-delivery.postinst: stop modifying mandatory tls config,
recent upstream has sane defaults now
- debian/99-mail-stack-delivery.conf: drop explicit ssl_cipher_list,
recent upstream has sane defaults now
* Added Changes:
- carry mail-stack-delivery as empty transitional package
(can be dropped >20.04)
dovecot (1:2.2.35-2) unstable; urgency=medium
* [7665652] Use git-subtree to generate pigeonhole patch from git; add
single-debian-patch to d/source/local-options
* [bfa0f10] d/rules: specify libdir manually; previous upload moved modules
under /usr/lib/<triplet>, which was bound to break existing setups
* [982e826] d/copyright: adjust pigeonhole path and bump years
dovecot (1:2.2.35-1) unstable; urgency=medium
* [8108cba] New upstream version 2.2.35
* [6cbbaa1] Update pigeonhole to 0.4.23 (Closes: #892137)
* [9ace5f2] Switch Vcs-* URLs to salsa.d.o
* [ef40625] d/rules: call configure via dh_auto_configure.
Thanks to Helmut Grohne (Closes: #885854)
* [a459455] Drop B-D on libcurl4-gnutls-dev; removed upstream since 2.2
* [235af9d] Update upstream signing key
dovecot (1:2.2.34-2) unstable; urgency=high
* [868dc65] Update pigeonhole to 0.4.22
* Set urgency to high due to the security fixes in 2.2.34-1
dovecot (1:2.2.34-1) unstable; urgency=medium
* [f53dc9a] New upstream version 2.2.34
Fixes the following security issues:
+ CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
usage (Closes: #891820)
+ CVE-2017-14461: rfc822_parse_domain information leak vulnerability
(Closes: #891819)
+ CVE-2017-15132: auth client leaks memory if SASL authentication is
aborted (Closes: #888432)
* [0dc98c6] Do not patch all-settings.c; regenerate it at build time
instead. Thanks to Aki Tuomi!
* [e678e3b] Bump dh compat to 11
+ B-D on debhelper (>= 11~)
+ Use dh_installsystemd instead of dh_systemd_enable
* [271b290] Bump Standards-Version to 4.1.3; no changes needed
* [3cd6715] d/copyright: bump upstream and debian years
* [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the
initscript handle it if it exists)
* [97d6fae] d/watch: switch upstream URL to https://
Date: Wed, 16 May 2018 14:40:19 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.35-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 May 2018 14:40:19 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene mail-stack-delivery
Architecture: source
Version: 1:2.2.35-2ubuntu1
Distribution: cosmic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
dovecot-core - secure POP3/IMAP server - core files
dovecot-dev - secure POP3/IMAP server - header files
dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
dovecot-imapd - secure POP3/IMAP server - IMAP daemon
dovecot-ldap - secure POP3/IMAP server - LDAP support
dovecot-lmtpd - secure POP3/IMAP server - LMTP server
dovecot-lucene - secure POP3/IMAP server - Lucene support
dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
dovecot-mysql - secure POP3/IMAP server - MySQL support
dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
dovecot-sieve - secure POP3/IMAP server - Sieve filters support
dovecot-solr - secure POP3/IMAP server - Solr support
dovecot-sqlite - secure POP3/IMAP server - SQLite support
mail-stack-delivery - transitional package
Closes: 885854 888432 891819 891820 892137
Launchpad-Bugs-Fixed: 1638865 1771816
Changes:
dovecot (1:2.2.35-2ubuntu1) cosmic; urgency=medium
.
* Merge with Debian unstable (LP: #1771816). Remaining changes:
- Add updated autopkgtest to debian/tests/* (these tests got simplified
and streamlined to use the packages default configuration which solves
LP: #1638865)
* Dropped Changes (now upstream)
- SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
- SECURITY UPDATE: TLS SNI config lookups DoS
- SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
* Dropped Changes (no more needed after 18.04)
- handle conffile removal of /etc/init/dovecot.conf (due to dropping
upstart).
* Dropped Changes (no more needed)
- Drop build dependency on libstemmer-dev (universe) - this is now in main
- Disable dovecot-lucene plugin as it had various issues and is deprecated
in favor of solr anyway (LP 1524526) - no more failing in Cosmic.
* Dropped Changes (mail-stack-delivery)
It was decided to no more carry mail-stack-delivery as a package in favor
to out-of-package solutions. It became less useful due to one of the
biggest benefit (auto-ssl setup) being part of the base setup now.
- Add mail-stack-delivery
- add package in d/rules, d/control
- add d/*mail-stack-delivery* maintainer scripts and default conf
- d/mail-stack-delivery.preinst: Move previously installed backups and
config files to a new package namespace.
- d/mail-stack-delivery.README.Debian clarified use of configuration files
- d/mail-stack-delivery.postinst: Use ssl key/cert paths now set up by
dovecot-core; transition for such configs formerly set up by
mail-stack-delivery to use the new default ssl config (if user had no
conffile change or choses new defaults).
- d/mail-stack-delivery.postinst: if moving dovecot to the new defaults on
upgrade, also move the related postfix key/cert entries.
- debian/99-mail-stack-delivery.conf: do not explicitly enable protocols
as all installed are auto-included from the base config now.
- adapt autopkgtests to match new version.
- d/control: for the ssl transition to work we need to ensure dovecot-core
is complete before upgrading mail-stack-delivery, so add a Pre-Depends.
- d/mail-stack-delivery.postinst: add SSL_CERT/SSL_KEY detection to
postconf section (was formerly initialized at the now dropped key setup)
- d/mail-stack-delivery.postinst: fix SSL_CERT/SSL_KEY detection to only
read non-comments from the right keywords and to strip common bad-chars
- d/mail-stack-delivery.postinst: stop modifying mandatory tls config,
recent upstream has sane defaults now
- debian/99-mail-stack-delivery.conf: drop explicit ssl_cipher_list,
recent upstream has sane defaults now
* Added Changes:
- carry mail-stack-delivery as empty transitional package
(can be dropped >20.04)
.
dovecot (1:2.2.35-2) unstable; urgency=medium
.
* [7665652] Use git-subtree to generate pigeonhole patch from git; add
single-debian-patch to d/source/local-options
* [bfa0f10] d/rules: specify libdir manually; previous upload moved modules
under /usr/lib/<triplet>, which was bound to break existing setups
* [982e826] d/copyright: adjust pigeonhole path and bump years
.
dovecot (1:2.2.35-1) unstable; urgency=medium
.
* [8108cba] New upstream version 2.2.35
* [6cbbaa1] Update pigeonhole to 0.4.23 (Closes: #892137)
* [9ace5f2] Switch Vcs-* URLs to salsa.d.o
* [ef40625] d/rules: call configure via dh_auto_configure.
Thanks to Helmut Grohne (Closes: #885854)
* [a459455] Drop B-D on libcurl4-gnutls-dev; removed upstream since 2.2
* [235af9d] Update upstream signing key
.
dovecot (1:2.2.34-2) unstable; urgency=high
.
* [868dc65] Update pigeonhole to 0.4.22
* Set urgency to high due to the security fixes in 2.2.34-1
.
dovecot (1:2.2.34-1) unstable; urgency=medium
.
* [f53dc9a] New upstream version 2.2.34
Fixes the following security issues:
+ CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
usage (Closes: #891820)
+ CVE-2017-14461: rfc822_parse_domain information leak vulnerability
(Closes: #891819)
+ CVE-2017-15132: auth client leaks memory if SASL authentication is
aborted (Closes: #888432)
* [0dc98c6] Do not patch all-settings.c; regenerate it at build time
instead. Thanks to Aki Tuomi!
* [e678e3b] Bump dh compat to 11
+ B-D on debhelper (>= 11~)
+ Use dh_installsystemd instead of dh_systemd_enable
* [271b290] Bump Standards-Version to 4.1.3; no changes needed
* [3cd6715] d/copyright: bump upstream and debian years
* [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the
initscript handle it if it exists)
* [97d6fae] d/watch: switch upstream URL to https://
Checksums-Sha1:
cd1d535962ef60c1a5aeed37e2dc2056f1facc05 3542 dovecot_2.2.35-2ubuntu1.dsc
e6e7917d43ec2c8b6eba9533a4aab15a2e77253a 6185237 dovecot_2.2.35.orig.tar.gz
77520ce40477d2b8a5b9f25d8b4547c084c79869 1245 dovecot_2.2.35.orig.tar.gz.asc
3e04063dcd125d9c27d1f0d3e04392ca0db688ec 529444 dovecot_2.2.35-2ubuntu1.debian.tar.xz
ebfedd59b5f0a41b777861bedbd7637b2afb49c7 9019 dovecot_2.2.35-2ubuntu1_source.buildinfo
Checksums-Sha256:
2741078b1ac8fb08e88c8a64d4dc1ca6ffef7aee83a691fe2fdabc845158f730 3542 dovecot_2.2.35-2ubuntu1.dsc
cce15db2fc5233386b63a3cf21c465c09e6e55014ed66c4f184b7d221a47180c 6185237 dovecot_2.2.35.orig.tar.gz
ab08824a77354fa45c7f8a08bfa47e653eaa5253bf12238a7b084677185c5642 1245 dovecot_2.2.35.orig.tar.gz.asc
819316b4f243fff1a3fbf004faad7295ce41624f60e69b8e927539f02e4559a5 529444 dovecot_2.2.35-2ubuntu1.debian.tar.xz
3618d43eba913229e13851475b301e41b37909af3638a9062331d980c8959538 9019 dovecot_2.2.35-2ubuntu1_source.buildinfo
Files:
57b494d8736fb7adba26e90efd5d4e3c 3542 mail optional dovecot_2.2.35-2ubuntu1.dsc
6998a3b16c42a8b3c7086b03fa781fba 6185237 mail optional dovecot_2.2.35.orig.tar.gz
bae4e48fab1993f7533131ced7bbecfe 1245 mail optional dovecot_2.2.35.orig.tar.gz.asc
cd8eb5aba05954b9326d002ebe82c290 529444 mail optional dovecot_2.2.35-2ubuntu1.debian.tar.xz
67ba3b6dea115806f8b68dd40d4ddb3a 9019 mail optional dovecot_2.2.35-2ubuntu1_source.buildinfo
Original-Maintainer: Dovecot Maintainers <jaldhar-dovecot at debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAlsEFxIACgkQuj4pM4KA
skJnwhAAroVlekLVZD47rlvOh9YeJ93MmRj7nHSA6LxNIa7OzycIeVTLY1RW65oU
7i9RVAxiJtKj2qAAXUhRDcN+Yn60tQ9Ib/IzUJ1/lfUWj9T6ZJQ1zCtr8X5tcgOX
/ONRMF9mmPVeIho8yabengcIa+zTWOlVafnVRhBGUAcI2w+0wnv8ajat34Hj6ihT
iVY4DtiKXi2AIIXBgxEY4wqykGgP5ERSz/0pHpxALRACbTC/KuFXvGpbqSbDDJJW
b0qfudv5y3B3Zr88UNY30+VtMcPcz9/8/B0ROdmNDoH7UfjzBV7yiFeV4QifJ+PA
lWN4v8Q5We94yhciq/iqWNzg2MUYtLQVf3/Ulclt1mja7h+sRkagrtGwo1IjfGqd
uBuwWKcMfA/20a3XLXLSjMixG78F6mPzafBR8DPfVZhcSBSVchWvfnq4O1nPx9aG
3Qe+4m+wS3B1GeF4K8SiKgKKFgA4BBk0saCydH/nRGtmEb/HFqStbt0pinjj/el/
BvIzqGWYekws21fJFXt5DHugtegiDwYd68ABLyDL1a7FApDl/pxV4w62cB6iAdXk
nxUOSZtUGHd13ylkJU/md/tM0rUcmiFPw1s2orfyiS18ipF2uRVvFIcuA/QPXmVe
OZUFmtshgsfJS3Mo/lUa3mjRjECg1xfuRA/M3wvCsY28Puz8dJo=
=WFZF
-----END PGP SIGNATURE-----
More information about the Cosmic-changes
mailing list