Changelog |
* Mon Aug 01 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 1:2.3.19.1-4
- Rebuilt for ICU 71.1
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.19.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19.1-2
- fix possible privilege escalation when similar master and non-master passdbs are used
* Mon Jun 20 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19.1-1
- updated to 2.3.19.1
* Mon May 30 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19-1
- updated to 2.3.19, pigeonhole to 0.5.19
* Wed Feb 09 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.18-1
- updated to 2.3.18, pigeonhole to 0.5.18
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Dec 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.17.1-1
- dovecot updated to 2.3.17.1, pigeonhole to 0.5.17.1
- dsync: Add back accidentically removed parameters.
- lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error
without errno.
- dovecot, managesieve and sieve-tool failed to run if ssl_ca was too large.
* Tue Nov 02 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.17-1
- dovecot updated to 2.3.17, pigeonhole to 0.5.17
* Tue Sep 28 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
- reenable LTO
* Mon Sep 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
- fix OpenSSLv3 issues 2005884
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:2.3.16-2
- Rebuilt with OpenSSL 3.0.0
* Fri Aug 20 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
- dovecot updated to 2.3.16, pigeonhole to 0.5.16
- fixes several regressions
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 21 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.15-1
- dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access.
- CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.
- Add TSLv1.3 support to min_protocols.
- Allow configuring ssl_cipher_suites. (for TLSv1.3+)
* Wed May 19 2021 Pete Walter <pwalter@fedoraproject.org> - 1:2.3.14-4
- Rebuild for ICU 69
* Wed May 19 2021 Pete Walter <pwalter@fedoraproject.org> - 1:2.3.14-3
- Rebuild for ICU 69
* Mon May 10 2021 Jeff Law <jlaw@tachyum.com> - 1:2.3.14-2
- Re-enable LTO
* Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
- dovecot updated to 2.3.14, pigeonhole to 0.5.14
- use OpenSSL's implementation of HMAC
- Remove autocreate, expire, snarf and mail-filter plugins.
- Remove cydir storage driver.
- Remove XZ/LZMA write support. Read support will be removed in future release.
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
- rebuild for libpq ABI fix rhbz#1908268
* Mon Feb 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-6
- use make macros
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-4
- fix multilib issues
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-3
- bump release and rebuild
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-2
- fix rundir location
* Wed Jan 06 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-1
- fix release number
* Mon Jan 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-0
- dovecot updated to 2.3.13, pigeonhole to 0.5.13
- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
- Metric filter and global event filter variable syntax changed to a
SQL-like format.
- auth: Added new aliases for %{variables}. Usage of the old ones is
possible, but discouraged.
- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
mechanism and related password schemes.
- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
- auth: Removed postfix postmap socket
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7
- change run directory from /var/run to /run (#1777922)
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-6
- use bigger default key size (#1882939)
* Wed Sep 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-5
- fix gssapi issue
* Wed Aug 26 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-4
- fix FTBFS on 32bit systems
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 1:2.3.11.3-2
- Disable LTO
* Sat Aug 15 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-1
- CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|