2025-04-17 23:53:13 by Thomas Klausner | Files touched by this commit (2449) |
Log message: *: recursive bump for icu 77 and libxml2 2.14 |
2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2428) |
Log message: *: recursive bump for icu 76 shlib major version bump |
2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2425) |
Log message: *: revbump for icu downgrade |
2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2426) |
Log message: *: recursive bump for icu 76.1 shlib bump |
2024-08-19 11:29:57 by Adam Ciarcinski | Files touched by this commit (5) | ![]() |
Log message: dovecot2: updated to 2.3.21.1 v2.3.21.1 - CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. - CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email. - oauth2: Dovecot would send client_id and client_secret as POST parameters to introspection server. These need to be optionally in Basic auth instead as required by OIDC specification. - oauth2: JWT key type check was too strict. - oauth2: JWT token audience was not validated against client_id as required by OIDC specification. - oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol specific error message on all errors. This broke OIDC discovery. - oauth2: JWT aud validation was not performed if aud was missing from token, but was configured on Dovecot. |
2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1928) | ![]() |
Log message: revbump after icu and protobuf updates |
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2376) |
Log message: *: recursive bump for icu 74.1 |
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2358) | ![]() |
Log message: revbump after textproc/icu update |