Merge ~bryce/ubuntu/+source/dovecot:merge-v1E2.3.13Adfsg1-1-hirsute into ubuntu/+source/dovecot:debian/sid

Proposed by Bryce Harrington
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 87e7dfd8de2593ab4671ddc5117bf7a117bc7e06
Merge reported by: Bryce Harrington
Merged at revision: 87e7dfd8de2593ab4671ddc5117bf7a117bc7e06
Proposed branch: ~bryce/ubuntu/+source/dovecot:merge-v1E2.3.13Adfsg1-1-hirsute
Merge into: ubuntu/+source/dovecot:debian/sid
Diff against target: 75 lines (+48/-1)
2 files modified
debian/changelog (+46/-0)
debian/control (+2/-1)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+398217@code.launchpad.net

Description of the change

All changes for dovecot are now upstream in 2.3.13, so this can be a sync.
Just filing an MP as a double-check for review.

Usual tags pushed.

PPA: https://launchpad.net/~bryce/+archive/ubuntu/dovecot-merge-v1..2.3.13+dfsg1-1

Christian Ehrhardt  (paelzer) wrote :

Slightly confusing as https://dovecot.org/doc/NEWS doesn't list CVE-2020-25275.
(It does for CVE-2020-24386).

CVE-2020-25275-1.patch is present in the new code mostly as-is

CVE-2020-25275-2.patch isn't, but that has just evolved since then; functionally it is present.

I agree, this can be a sync again - thanks!
I've run syncpackage on this - let us check how it works out when the archive opens again

review: Approve
Bryce Harrington (bryce) wrote :

Looks like this required a rebuild but otherwise has migrated successfully:

$ ubuntu-changes dovecot
dovecot (1:2.3.13+dfsg1-1build1) hirsute; urgency=high

  * No change rebuild against clucene-core

 -- Balint Reczey <email address hidden> Thu, 18 Feb 2021 18:19:47 +0100

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 65e651b..b7ac744 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,28 @@
6+dovecot (1:2.3.13+dfsg1-1ubuntu1) hirsute; urgency=medium
7+
8+ * Merge with Debian unstable. Remaining changes:
9+ * Dropped:
10+ - SECURITY UPDATE: information disclosure via imap hibernation
11+ + debian/patches/CVE-2020-24386-1.patch: escape tag when sending it to
12+ imap-hibernate process in src/imap/imap-client-hibernate.c.
13+ + debian/patches/CVE-2020-24386-2.patch: add unit test for
14+ imap-client-hibernate in src/imap/Makefile.am,
15+ src/imap/imap-client-hibernate.c, src/imap/imap-client.h,
16+ src/imap/test-imap-client-hibernate.c.
17+ + CVE-2020-24386
18+ [Included in upstream 2.3.13]
19+ - SECURITY UPDATE: remote DoS via large number of MIME parts
20+ + debian/patches/CVE-2020-25275-1.patch: fix assert-crash when
21+ enforcing MIME part limit in src/lib-mail/message-parser.c,
22+ src/lib-mail/test-message-parser.c.
23+ + debian/patches/CVE-2020-25275-2.patch: don't generate invalid
24+ BODYSTRUCTURE when reaching MIME part limit in
25+ src/lib-imap/imap-bodystructure.c.
26+ + CVE-2020-25275
27+ [Included in upstream 2.3.13]
28+
29+ -- Bryce Harrington <bryce@canonical.com> Thu, 18 Feb 2021 03:36:32 +0000
30+
31 dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium
32
33 [ Christian Göttsche ]
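Review bot: The new 1:2.3.13+dfsg1-1ubuntu1 entry opens with "Merge with Debian unstable. Remaining changes:" but lists nothing as remaining; every item sits under "Dropped:". If no delta is left, say so explicitly (for example "Remaining changes: none") or drop the phrase, so the entry does not read as if a list went missing. The "[Included in upstream 2.3.13]" line under CVE-2020-25275 also carries no reference to the upstream change; naming it for src/lib-mail/message-parser.c and src/lib-imap/imap-bodystructure.c would let a later reader confirm that the MIME part limit fix was not lost when the two patches were dropped.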
34@@ -22,6 +47,27 @@ dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium
35
36 -- Noah Meyerhans <noahm@debian.org> Mon, 25 Jan 2021 15:38:17 -0800
37
38+dovecot (1:2.3.11.3+dfsg1-2ubuntu1) hirsute; urgency=medium
39+
40+ * SECURITY UPDATE: information disclosure via imap hibernation
41+ - debian/patches/CVE-2020-24386-1.patch: escape tag when sending it to
42+ imap-hibernate process in src/imap/imap-client-hibernate.c.
43+ - debian/patches/CVE-2020-24386-2.patch: add unit test for
44+ imap-client-hibernate in src/imap/Makefile.am,
45+ src/imap/imap-client-hibernate.c, src/imap/imap-client.h,
46+ src/imap/test-imap-client-hibernate.c.
47+ - CVE-2020-24386
48+ * SECURITY UPDATE: remote DoS via large number of MIME parts
49+ - debian/patches/CVE-2020-25275-1.patch: fix assert-crash when
50+ enforcing MIME part limit in src/lib-mail/message-parser.c,
51+ src/lib-mail/test-message-parser.c.
52+ - debian/patches/CVE-2020-25275-2.patch: don't generate invalid
53+ BODYSTRUCTURE when reaching MIME part limit in
54+ src/lib-imap/imap-bodystructure.c.
55+ - CVE-2020-25275
56+
57+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Dec 2020 10:59:24 -0500
58+
59 dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium
60
61 [ Christian Göttsche ]
62diff --git a/debian/control b/debian/control
63index 7db1c94..93b2117 100644
64--- a/debian/control
65+++ b/debian/control
66@@ -1,7 +1,8 @@
67 Source: dovecot
68 Section: mail
69 Priority: optional
70-Maintainer: Dovecot Maintainers <dovecot@packages.debian.org>
71+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
72+XSBC-Original-Maintainer: Dovecot Maintainers <dovecot@packages.debian.org>
73 Uploaders: Jaldhar H. Vyas <jaldhar@debian.org>,
74 Jelmer Vernooij <jelmer@debian.org>,
75 Apollon Oikonomopoulos <apoikos@debian.org>,
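Review bot: The Maintainer rewrite to Ubuntu Developers, with the Debian address moved to XSBC-Original-Maintainer, is the only change outside debian/changelog, and the changelog entry lists every Ubuntu patch as dropped, so this field swap would be the entire delta of an ubuntu1 upload. If the package is synced as the description proposes, make sure this hunk does not get uploaded; if it is uploaded, the changelog should state what justifies keeping an Ubuntu version.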
