buildroot/package/dovecot, branch 2019.02-op-build

package/dovecot: security bump to version 2.3.4.1

2019-02-05T19:27:06+00:00

Fixes the following security issues: * CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. * ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service. For more details, see the announcement: https://www.dovecot.org/list/dovecot-news/2019-February/000394.html Signed-off-by: Peter Korsgaard

package/{dovecot, dovecot-pigeonhole}: bump version to 2.3.4, 0.5.4

2018-11-24T09:13:10+00:00

We need to bump both packages in one commit: https://dovecot.org/pipermail/dovecot-news/2018-November/000392.html Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole release dependent on that Dovecot release; it will not compile against older Dovecot versions. And, conversely, you need to upgrade Pigeonhole when upgrading Dovecot to v2.3.4. Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni

package/dovecot: bump version to 2.3.3

2018-10-03T07:32:43+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

package/dovecot: bump version to 2.3.2.1

2018-07-09T21:52:31+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

package/dovecot: bump version to 2.3.2

2018-07-01T13:00:07+00:00

Switched _SITE to https. Release notes: https://www.dovecot.org/list/dovecot-news/2018-June/000383.html Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni

package/dovecot: add optional support for libsodium

2018-03-31T18:46:14+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni

package/dovecot: bump version to 2.3.1

2018-03-30T11:12:32+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

package/dovecot: bump version to 2.2.35

2018-03-24T20:38:33+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

package/dovecot: security bump to version 2.3.4

2018-03-01T20:37:38+00:00

Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html Removed patch applied upstream: https://github.com/dovecot/core/commit/a008617e811673064fd657acf517dc4a12493d29 Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

dovecot: add upstream security fix for CVE-2017-15132

2018-01-29T08:48:08+00:00

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. For more details, see: http://www.openwall.com/lists/oss-security/2018/01/25/4 Signed-off-by: Peter Korsgaard