pkgsrc.se | The NetBSD package collection

./mail/dovecot2-sqlite, Secure IMAP and POP3 server (SQLite plugin)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.3.21.1nb3, Package name: dovecot-sqlite-2.3.21.1nb3, Maintainer: adam

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems,
written with security primarily in mind. This package contains the SQLite
backend plugins.

Required to run:
[shells/bash] [mail/dovecot2] [archivers/lz4] [archivers/zstd]

Package options: kqueue, pam, ssl, tcpwrappers

Master sites:

https://dovecot.org/releases/2.3/ (Download)

Filesize: 7658.246 KB

Version history: (Expand)

(2024-11-15) Updated to version: dovecot-sqlite-2.3.21.1nb3
(2024-11-01) Updated to version: dovecot-sqlite-2.3.21.1nb2
(2024-11-01) Updated to version: dovecot-sqlite-2.3.21.1nb1
(2024-08-19) Updated to version: dovecot-sqlite-2.3.21.1
(2024-05-29) Updated to version: dovecot-sqlite-2.3.21nb3
(2023-11-08) Updated to version: dovecot-sqlite-2.3.21nb2

CVS history: (Expand)

2025-04-17 23:53:13 by Thomas Klausner | Files touched by this commit (2449)

Log message:
*: recursive bump for icu 77 and libxml2 2.14

2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2428)

Log message:
*: recursive bump for icu 76 shlib major version bump

2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2425)

Log message:
*: revbump for icu downgrade

2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2426)

Log message:
*: recursive bump for icu 76.1 shlib bump

2024-08-19 11:29:57 by Adam Ciarcinski | Files touched by this commit (5) | Package updated

Log message:
dovecot2: updated to 2.3.21.1

v2.3.21.1

- CVE-2024-23184: A large number of address headers in email resulted
  in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
  discarded, with a limit of 10MB on a single header and 50MB for all
  the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
  to introspection server. These need to be optionally in Basic auth
  instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
  required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
  protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
  from token, but was configured on Dovecot.

2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1928) | Package updated

Log message:
revbump after icu and protobuf updates

2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2376)

Log message:
*: recursive bump for icu 74.1

2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2358) | Package updated

Log message:
revbump after textproc/icu update