dovecot (1:2.4.1+dfsg1-6+deb13u2) trixie; urgency=medium
* [6ac2883] Clean up a few typos in default/example config (Closes: #1112667)
* [7feb544] Ensure default lmtpd auth_username_format matches the global value
(Closes: #1111469)
* [216ec20] import upstream patch for improperly terminated auth_oauth2_post_setting_defines
(Closes: #1116328)
* [46eab61] lib-sieve/sieve-script.c: sieve_script_create_common: Correctly handle errors.
(Closes: #1116070)
-- Noah Meyerhans <noahm@debian.org> Thu, 23 Oct 2025 10:01:33 -0400
dovecot (1:2.4.1+dfsg1-6+deb13u1) trixie-security; urgency=high
* Import upstream fix for an issue with authentication cache management that
could result in users being logged in as the wrong user in certain
configurations. (CVE-2025-30189) (Closes: #1115964)
-- Noah Meyerhans <noahm@debian.org> Wed, 24 Sep 2025 09:14:50 -0400
dovecot (1:2.4.1+dfsg1-6) unstable; urgency=medium
* [8c6ba88] Fix LDAP SASL auth support (Closes: #1106784)
* [fac9131] Avoid -fstack-clash-protection on hppa architecture
(Closes: #1107609)
* [071beb5] d/control: update Uploaders to reflect the current reality
-- Noah Meyerhans <noahm@debian.org> Wed, 18 Jun 2025 10:01:58 -0400
dovecot (1:2.4.1+dfsg1-5) unstable; urgency=medium
* [e6e5ef7] Fix typo in conf.d/auth-passwdfile.conf.ext (Closes: #1106072)
* [2a34ed0] Import upstream fix for dovecot-lda data loss (Closes: #1106485)
* [6c287ea] Fix typo in doveadm-fetch(1) (Closes: #1106533)
* [11f8b62] Fix invalid metadata in debian/patches/skip-rfc-subdir.patch
-- Noah Meyerhans <noahm@debian.org> Wed, 28 May 2025 15:45:52 -0400
dovecot (1:2.4.1+dfsg1-4) unstable; urgency=medium
* [235de56] managesieved: lintian: suppress library-not-linked-against-libc
* [74e7dcd] Ensure we use a 32-bit time_t on i386
* [461bc68] dovecot-core: postinst: fix purge of obsolete ucf conf files
(Closes: #1105003)
-- Noah Meyerhans <noahm@debian.org> Mon, 12 May 2025 20:36:26 -0400
dovecot (1:2.4.1+dfsg1-3) unstable; urgency=medium
* [bdf895a] upstream fix for GSSAPI authentication regression
(Closes: #1104549)
* [8f15017] d/copyright: Correct canonical reference to GNU licenses
* [ad8f661] dovecot-flatcurve: correct missing dependency on ucf
* [131567a] Fix miscellaneous groff errors in upstream manpages
* [a4a1404] Correct lintian warning debian-news-entry-has-unknown-version
-- Noah Meyerhans <noahm@debian.org> Fri, 02 May 2025 11:20:05 -0400
dovecot (1:2.4.1+dfsg1-2) unstable; urgency=medium
* [7c1b5b9] dovecot-ldap: postinst: correct conffile list (Closes: #1104047)
* [73a254a] config: set mail_home and add mbox deprecation note
-- Noah Meyerhans <noahm@debian.org> Mon, 28 Apr 2025 15:53:54 -0400
dovecot (1:2.4.1+dfsg1-1) unstable; urgency=medium
* Release 1:2.4.1+dfsg1-1 to unstable
-- Noah Meyerhans <noahm@debian.org> Thu, 24 Apr 2025 13:06:17 -0400
dovecot (1:2.4.1+dfsg1-1~exp2) experimental; urgency=medium
* [e30a611] flatcurve: Set breaks+replaces relationship on dovecot-fts-flatcurve
(Closes: #1102937)
-- Noah Meyerhans <noahm@debian.org> Fri, 18 Apr 2025 15:34:42 -0400
dovecot (1:2.4.1+dfsg1-1~exp1) experimental; urgency=medium
* [18c4170] d/watch: handle suffixes in upstream release filenames
* [340250d] New upstream version 2.4.1+dfsg1
* [2fcd382] Ensure we don't try to download files from the internet during build
* [4497016] refresh patches
* [af108c1] Remove obsolete patches
* [0ed2624] Fix 32-bit integer rollover in tests
* [528f075] d/rules: remove autogenerated sources on clean
-- Noah Meyerhans <noahm@debian.org> Sun, 30 Mar 2025 11:48:57 -0400
dovecot (1:2.4.0+dfsg1-1~exp6) experimental; urgency=medium
* [827f8b7] fix and re-enable 32-bit builds
-- Noah Meyerhans <noahm@debian.org> Mon, 24 Mar 2025 15:16:57 -0400
dovecot (1:2.4.0+dfsg1-1~exp5) experimental; urgency=medium
* [cea2f60] d/rules: remove additional files on clean
* [24e625b] ci: extend the timeout for the test-build-twice job
* [1df7d66] Fix ABI identification and add safety checking for it
-- Noah Meyerhans <noahm@debian.org> Mon, 17 Mar 2025 09:56:33 -0400
dovecot (1:2.4.0+dfsg1-1~exp4) experimental; urgency=medium
* [0806d3b] Move 90-sieve-extprograms back to dovecot-sieve where it belongs
(Closes: #1100146)
-- Noah Meyerhans <noahm@debian.org> Thu, 13 Mar 2025 17:41:17 -0400
dovecot (1:2.4.0+dfsg1-1~exp3) experimental; urgency=medium
* [4989934] Install a config file for flatcurve
* [baeb072] Add default lmtpd configuration
* [1d1d874] d/rules: drop some obsolete configure options
* [6bc7f0b] pigeonhole: enable ldap pluggin support
* [1998623] Enable experimental support for SMTPUTF8 and UTF8=ACCEPT
* [22abd27] enable cdb support
* [369d4a4] ci: disable i386 builds
* [e6ff65b] update autopkgtests
* [56dd0d6] debian/dovecot-core.NEWS: Document configuration changes
* [3d12c1e] d/rules: Update ABI detection
-- Noah Meyerhans <noahm@debian.org> Tue, 11 Mar 2025 11:31:12 -0400
dovecot (1:2.4.0+dfsg1-1~exp2) experimental; urgency=medium
* [ab636e4] Correct ucf handling of /etc/dovecot/dovecot.conf
* [ea5102c] Stop building for 32-bit architectures
* [88fecb4] fix shell error in dovecot-managesieved.postinst
* [68875fa] Fix some groff issues in manpages
* [b406a2f] drop stale lintian overrides
* [34e4a3b] lintian: ignore circular dependency between -core and -sieve
* [ee13475] d/copyright: Update or remove some attributions
-- Noah Meyerhans <noahm@debian.org> Wed, 12 Feb 2025 16:39:17 -0500
dovecot (1:2.4.0+dfsg1-1~exp1) experimental; urgency=medium
[ Michael Tokarev ]
* Update to 2.4.0
[ Noah Meyerhans ]
* Update default configuration from upstream example config bundle at
https://github.com/dovecot/tools/blob/main/dovecot-2.4.0-example-config.tar.gz
* Remove obsolete config files on upgrade if unmodified
* Update /usr/share/dovecot/protocols.d/* for 2.4
-- Noah Meyerhans <noahm@debian.org> Tue, 11 Feb 2025 12:03:31 -0500
dovecot (1:2.3.21.1+dfsg1-1) unstable; urgency=medium
[ Noah Meyerhans ]
* [452a10b] Move systemd unit files to /usr (Closes: #1071915)
[ Niels Thykier ]
* [a9caf51] Avoid unnecessary implicit requirement for `(fake)root`
[ Christian Göttsche ]
* [8c253d1] salsa-ci: enable build_twice job
* [47122cd] Bump to standards version 4.7.0 (no further changes)
* [4062094] Replace obsolete build-dependency pkg-config with pkgconf
* [f1221b8] Split overlong line in changelog
* [dd876aa] Annotate Debian patches
* [590287e] Fix typos in changelog
[ Noah Meyerhans ]
* [a212eb8] New upstream version 2.3.21.1+dfsg1
- Fix CVE-2024-23184 (Closes: #1078876)
- Fix CVE-2024-23185 (Closes: #1078877)
-- Noah Meyerhans <noahm@debian.org> Sat, 17 Aug 2024 13:26:24 -0400
dovecot (1:2.3.21+dfsg1-3) unstable; urgency=medium
* [883dc1a] Add libtirpc-dev to build-depends (Closes: #1065213)
-- Noah Meyerhans <noahm@debian.org> Sat, 09 Mar 2024 22:31:22 -0800
dovecot (1:2.3.21+dfsg1-2) unstable; urgency=medium
[ Christian Göttsche ]
* [a2fbc2f] split-protocols.patch: patch all-settings.c to successfully build
twice (Closes: #1044797)
[ Noah Meyerhans ]
* [70e4426] Drop arm64 from libunwind builddep arch list
-- Noah Meyerhans <noahm@debian.org> Mon, 30 Oct 2023 13:40:35 -0700
dovecot (1:2.3.21+dfsg1-1) unstable; urgency=medium
[ Noah Meyerhans ]
* [753b4fe] Don't build the unmaintained lucene fts plugin (Closes: #1040884)
* [5597486] New upstream version 2.3.21+dfsg1
[ Christian Göttsche ]
* [b8017f1] Cleanup temporary build files
* [35e1afe] Silence prototype conflicts
* [8dda8b9] Update Lintian overrides
* [6bae82f] Bump to standards version 4.6.2 (no further changes)
* [1f973d2] Mark hurd patch forwarded
-- Noah Meyerhans <noahm@debian.org> Sat, 14 Oct 2023 08:52:10 -0700
dovecot (1:2.3.20+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [fb2a5b7] d/rules: enable stack clash protection
* [2666970] d/patches: bump _FORTIFY_SOURCE to level 3
[ Noah Meyerhans ]
* [eab5171] New upstream version 2.3.20+dfsg1
* [d6135a4] Drop dependency on obsolete lsb-base package
-- Noah Meyerhans <noahm@debian.org> Sun, 25 Jun 2023 16:17:56 -0700
dovecot (1:2.3.19.1+dfsg1-2.1) unstable; urgency=medium
* Non-maintainer upload.
* [b02ebc9] Don't use deprecated crypt module.
(closes: #1028513)
-- Bas Couwenberg <sebastic@debian.org> Fri, 20 Jan 2023 07:01:26 +0100
dovecot (1:2.3.19.1+dfsg1-2) unstable; urgency=medium
[ Christian Göttsche ]
* [281fb2c] d/patches: cherry-pick fix for CVE-2022-30550 (Closes: #1016351)
* [9c58e71] d/patches: fix uninitialized read in doveadm-oldstats
* [a76a24d] d/control: bump to standards version 4.6.1 (no further changes)
* [4aaaa8b] Update Lintian overrides
-- Noah Meyerhans <noahm@debian.org> Fri, 29 Jul 2022 19:58:28 -0700
dovecot (1:2.3.19.1+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [e40f93f] d/patches: avoid usage of PATH_MAX not available on hurd
* [19e00cd] d/rules: enable backtrace generation
* [5bf1c43] d/patches: debug flaky unit test
[ Noah Meyerhans ]
* [b73422f] New upstream version 2.3.19.1+dfsg1
* [c88bfc0] Update changelog for 1:2.3.19.1+dfsg1-1 release
* [ca59548] Update lintian overrides
* [d6406c2] d/copyright: update declarations for current maintainers
-- Noah Meyerhans <noahm@debian.org> Wed, 22 Jun 2022 09:27:01 -0700
dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [0d29e45] d/rules: enable LTO via DEB_BUILD_MAINT_OPTIONS instead of custom flags
* [560cceb] d/source/lintian-overrides: update very-long-line-length-in-source-file overrides
* [b99d09e] d/copyright: update years
* [9ee8271] d/dovecot-core.prerm: drop as superseded by debhelper
* [907f85c] d/maintscripts: update
* [2b38240] d/dovecot-core.postinst: drop support for version skips
* [dcb76d1] d/dovecot-core.postinst: only link certs if existent (Closes: #1009872)
* [d223bbd] d/patches: add patch to support openssl 3.0 (Closes: #996273)
[ Noah Meyerhans ]
* [9f3175e] New upstream version 2.3.19+dfsg1
-- Noah Meyerhans <noahm@debian.org> Sun, 05 Jun 2022 18:29:18 +0000
dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium
[ Noah Meyerhans ]
* [36966c8] New upstream version 2.3.18+dfsg1
* [042bda4] Refresh patches for 1:2.3.18+dfsg1-1
-- "Noah Meyerhans" <noahm@debian.org> Thu, 10 Feb 2022 20:05:50 +0000
dovecot (1:2.3.17.1+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [40b0010] New upstream version 2.3.17+dfsg1
* [3c377e0] New upstream version 2.3.17.1+dfsg1
* [e2f1ce2] d/patches: rebase and drop upstream applied ones
* [533b7ad] d/control: bump to standards version 4.6.0 (no further changes)
* [02ed6cf] debian: reduce Lintian issues
* [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian
warnings
* [bcda7e4] d/control: build against Lua 5.4
* [9eed0dd] d/control: enable libunwind support on available archs
* [1990699] d/patches: cherry-pick memory leak commit
* [426df46] d/patches: cherry-pick imapsieve fix
* [e3d0747] d/patches: add patch for LTO by avoiding unaligned access
(Closes: #997513)
-- Noah Meyerhans <noahm@debian.org> Tue, 14 Dec 2021 09:24:23 -0800
dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium
* [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these
architectures requires -funwind-tables, as with 32-bit arm.
-- Noah Meyerhans <noahm@debian.org> Thu, 16 Sep 2021 08:41:27 -0700
dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium
[ Christian Göttsche ]
* [e1e9ece] d/patches: rework backtrace test patch
* [be404bf] d/patches: add big-endian patch
-- Noah Meyerhans <noahm@debian.org> Fri, 10 Sep 2021 16:10:50 -0700
dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [ff4a227] New upstream version 2.3.14+dfsg1
* [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510)
* [5e0c898] d/watch: adjust dversionmangle for dfsg suffix
* [9ffb0f5] d/patches: update
* [850e1d6] New upstream version 2.3.16+dfsg1
* [7140b87] d/patches: rebase patches
* [fb1b77e] d/rules: enable LTO
* [ce7055d] d/control: add libsystemd-dev dependency
* [db93263] d/copyright: drop unused section
* [aeec1e8] d/rules: update how to set systemdsystemunitdir
* [ebe9709] d/patches: resolve compiler warnings
* [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1
* [58a4078] d/patches: update 32bit warnings patch
[ Noah Meyerhans ]
* [f217c2e] Fix indexer crash
* [b075317] Import upstream patch for indexer crash on client disconnect
* [36e8740] drop debian/dovecot-core.maintscript
-- Noah Meyerhans <noahm@debian.org> Thu, 02 Sep 2021 13:22:16 -0700
dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high
* Import upstream fixes for security issues (Closes: #990566):
- CVE-2021-29157: Path traversal issue allowing an attacker with
access to the local filesystem can trick OAuth2 authentication into
using an HS256 validation key from an attacker-controlled location
- CVE-2021-33515: Sensitive information could be redirected to an
attacker-controlled address because of a STARTTLS command injection
bug in the submission service
-- Noah Meyerhans <noahm@debian.org> Tue, 20 Jul 2021 08:05:19 -0700
dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium
[ Christian Göttsche ]
* [6829237] New upstream version 2.3.13 (Closes: #979363)
- CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
- CVE-2020-25275: MIME parsing crashes with particular messages
* [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165)
* [5956798] Rebase patches
* [2cb63c3] Bump to standards version 4.5.1 (no further changes)
* [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard
* [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc
false-positives
* [dde9c94] Handle removed configuration file in postinst
[ Pino Toscano ]
* [04a60e3] d/{control,rules}: disable apparmor support on !linux archs
(Closes: #951869)
[ Helmut Grohne ]
* [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370)
-- Noah Meyerhans <noahm@debian.org> Mon, 25 Jan 2021 15:38:17 -0800
dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium
[ Christian Göttsche ]
* [44770f6] Add patch for 32bit compiler warnings
* [053865a] Lintian: remove unused override
* [4ece2e1] Lintian: add forwarded header to Debian specific patches
* [67872b7] Lintian: ignore Debian only man page
* [d30bd7e] Lintian: tag manpage-without-executable got renamed to
spare-manual-page
* [3bdf952] Limit libcap-dev build-dependency to linux-any
* [28f6425] Drop acute accent in man page
* [8c15850] Add patch allowing GSSAPI containing NULL
-- Noah Meyerhans <noahm@debian.org> Wed, 19 Aug 2020 12:06:07 -0700
dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high
* New upstream release fixes security issues (Closes: #968302)
- CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to
resource exhaustion as Dovecot attempts to parse it.
- CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Add libcap-dev to build-dependencies to support dropping linux
capabilities.
-- Noah Meyerhans <noahm@debian.org> Thu, 13 Aug 2020 16:21:24 -0700
dovecot (1:2.3.10.1+dfsg1-2) unstable; urgency=medium
* Support sd_notify with systemd (Closes: #951722)
* Add necessary CFLAGS and LDFLAGS settings to ensure functional backtrace
generation. (Closes: #962630)
* Suppress additional library-not-linked-against-libc lintian warnings some
plugins as false-positives, observed on armel systems
[ Andreas Hasenack ]
* d/t/control, d/t/testmails: cherry-pick updated autopkgtests from
Ubuntu's 1:2.2.35-2ubuntu1:
- d/t/testmails: dropped the hardcoded "Ubuntu" name from the banner
text and made it distribution agnostic
- d/t/control: added lsb-release to test dependencies, used to get the
distribution name
-- Noah Meyerhans <noahm@debian.org> Tue, 16 Jun 2020 08:29:02 -0700
dovecot (1:2.3.10.1+dfsg1-1) unstable; urgency=medium
* New upstream release addresses multiple security issues
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
(Closes: #960963, #930919, #928492)
* Refresh patches
* Strip non-DFSG-compliant docs from .orig archives
* Incorporate a number of improvements to debian/ metadata contributed by
Christian Göttsche <cgzones@googlemail.com>
* Move pid file to /run (Closes: #925443)
* Add noahm@debian.org to Uploaders
* Work around flakiness in autopkgtest suite
* Suppress library-not-linked-against-libc lintian warnings some plugins as
false-positives
-- Noah Meyerhans <noahm@debian.org> Wed, 10 Jun 2020 10:41:37 -0700
dovecot (1:2.3.7.2-1) unstable; urgency=medium
* [dcaf24e] New upstream version 2.3.7.2
- Fixes CVE-2019-11500 for dovecot-core
* [111beef] Update pigeonhole to 0.5.7.2
- Fixes CVE-2019-11500 for pigeonhole/managesieve
* [a422c4c] Bump Standards-Version to 4.4.0; no changes needed
* [56e37ed] Bump dh compat to 12; no changes needed.
- Drop d/compat in favor debhelper-compat B-D.
* [476edbd] Refresh dovecot_name.patch and ssl-cert-location.patch
* [9dc7904] Drop patches included in 2.3.7.2.
- CVE-2019-10691
- CVE-2019-11494
- CVE-2019-11499
- CVE-2019-7524
- avoid-double-closing-mysql.patch
- lib-master-test-event-stats-Use-PRIu64-format.patch
-- Apollon Oikonomopoulos <apoikos@debian.org> Thu, 29 Aug 2019 11:55:51 +0300
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog dovecot-core`.
Generated by dwww version 1.16 on Tue Dec 16 07:28:28 CET 2025.