New changelog entries:
* SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
- debian/patches/CVE-2017-15132.patch: fix memory leak in
auth_client_request_abort() in src/lib-auth/auth-client-request.c.
- debian/patches/CVE-2017-15132-additional.patch: remove request after
abort in src/lib-auth/auth-client-request.c,
src/lib-auth/auth-server-connection.c,
src/lib-auth/auth-serser-connection.h.
- CVE-2017-15132
New changelog entries:
* Merge with Debian unstable. Remaining changes:
- Add updated autopkgtest to debian/tests/*.
- Drop build dependency on libstemmer-dev (universe)
- Add mail-stack-delivery
- add package in d/rules, d/control
- add d/*mail-stack-delivery* maintainer scripts and default conf
- d/mail-stack-delivery.preinst: Move previously installed backups and
config files to a new package namespace.
- d/mail-stack-delivery.README.Debian clarified use of configuration files
- handle conffile removal of /etc/init/dovecot.conf (due to dropping
upstart). Can be removed once no upgrade path from <yakkety is left.
- Disable dovecot-lucene plugin as it had various issues and is deprecated
in favor of solr anyway (LP 1524526).
* Dropped changes (in Debian):
- Use Snakeoil SSL certificates by default
- d/control: Depend on ssl-cert
* Added changes:
- d/mail-stack-delivery.postinst: Use ssl key/cert paths now set up by
dovecot-core; transition for such configs formerly set up by
mail-stack-delivery to use the new default ssl config (if user had no
conffile change or choses new defaults).
- d/mail-stack-delivery.postinst: if moving dovecot to the new defaults on
upgrade, also move the related postfix key/cert entries.
- debian/99-mail-stack-delivery.conf: do not explicitly enable protocols
as all installed are auto-included from the base config now.
- adapt autopkgtests to match new version.
- d/control: for the ssl transition to work we need to ensure dovecot-core
is complete before upgrading mail-stack-delivery, so add a Pre-Depends.
- d/mail-stack-delivery.postinst: add SSL_CERT/SSL_KEY detection to
postconf section (was formerly initialized at the now dropped key setup)
- d/mail-stack-delivery.postinst: fix SSL_CERT/SSL_KEY detection to only
read non-comments from the right keywords and to strip common bad-chars
- d/mail-stack-delivery.postinst: stop modifying mandatory tls config,
recent upstream has sane defaults now
- debian/99-mail-stack-delivery.conf: drop explicit ssl_cipher_list,
recent upstream has sane defaults now