Debian Patches
Status for dovecot/1:2.3.19.1+dfsg1-2.1+deb12u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| split-protocols.patch | split-protocols Set default protocols value as empty and enable each protocol in its own configuration file | Marco Nenciarini <mnencia@debian.org> | invalid | | | 2011-03-05 |
| fix-mail_plugin_dir-default.patch | fix mail_plugin_dir default Fix mail_plugin_dir default value in conf.d/10-mail.conf | Marco Nenciarini <mnencia@debian.org> | no | | upstream | 2011-09-16 |
| ssl-cert-location.patch | SSL cert location Move dovecots generated X.509 certificate out of /etc/ssl where it doesn't belong. | "Jaldhar H. Vyas" <jaldhar@debian.org> | no | | upstream | 2014-11-30 |
| tcpwrapper.patch | Add TCP wrapper support Configuration file for TCP wrapper support. | Joerg Dorchain <joerg@dorchain.net> | no | | upstream | 2012-08-26 |
| default-mail_location.patch | default location for user mailboxes Set a default for the case where a user has no mail so auto-detection of mailboxes doesn't work. | "Jaldhar H. Vyas" <jaldhar@debian.org> | no | | upstream | 2017-09-20 |
| mboxlocking.patch | policy 22.6 compliant mbox write locking For NFS safety, prefer fcntl to dotlocks. Dovecots default is the other way around. | "Jaldhar H. Vyas" <jaldhar@debian.org> | no | | upstream | 2013-08-22 |
| dovecot_name.patch | Update Dovecot name to include Distribution in login greeting message This patch was found at: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-server-app-banner-updates and originally provided by Ubuntu for their 2.1.7 package. The original author is Yolanda Robla <yolanda.robla@canonical.com>. I updated it for Debian's 2.2.5 package. | "Jaldhar H. Vyas" <jaldhar@debian.org> | no | | | 2020-05-23 |
| ssl-dh-params-location.patch | Set DH params location This is mandatory for SSL support in 2.3 | Apollon Oikonomopoulos <apoikos@debian.org> | not-needed | | | 2018-03-24 |
| skip-rfc-subdir.patch | Don't try to build doc/rfc subdir components | Noah Meyerhans <noahm@debian.org> | invalid | | | 2020-05-21 |
| Correct-misspellings.patch | Correct misspellings Found by Lintian | Christian Göttsche <cgzones@googlemail.com> | no | | | 2020-05-31 |
| test-backtrace.patch | Updates the symbol to check for in the backtrace unit tests Updates the symbol to check for in the backtrace unit tests to something that appears in all the traces on the platforms we support. | Noah Meyerhans <noahm@debian.org> | no | | | 2020-06-12 |
| doveadm-director.1-drop-acute-accent.patch | doveadm-director.1: drop acute accent Found by Lintian: This manual page uses the \' groff sequence. Usually, the intent to generate an apostrophe, but that sequence actually renders as a an acute accent. For an apostrophe or a single closing quote, use plain '. For single opening quote, i.e. a straight downward line ' like the one used in shell commands, use \(aq. | Christian Göttsche <cgzones@googlemail.com> | no | | | 2020-08-14 |
| Fix-32bit-sign-comparisons.patch | Fix 32bit sign comparisons sieve-binary.c: In function 'sieve_binary_get_resource_usage': sieve-binary.c:199:54: warning: comparison of integer expressions of different signedness: 'time_t' {aka 'long int'} and 'unsigned int' [-Wsign-compare] 199 \| if (update_time != 0 && (ioloop_time - update_time) > timeout) \| ^ | Christian Göttsche <cgzones@googlemail.com> | no | | | 2021-01-04 |
| Improve-cross-compile-support.patch | Improve cross-compile support The check for the signedness of size_t really doesn't have to be run as that is a compile time property. Beyond that, dovecot uses mysql_config. I've looked into that and mysql_config is unfixably broken during cross builds. It will not be fixed. Instead, please use pkg-config. My patch implements that with a fallback to mysql_config to avoid breaking other users. Last but not least, src/lib-lua/Makefile.am adds $(LUA_LIBS) to libdovecot_lua_la_DEPENDENCIES. As it happens, LUA_LIBS contains a -L flag and when that flag shows up in a dependency, make gives up. I have no clue why one would add LUA_LIBS to DEPENDENCIES as it already is being correctly added to LIBADD. My patch suggests to quite simply drop that. | Helmut Grohne <helmut@subdivi.de> | no | | | 2021-01-05 |
| Silence-LTO-related-compiler-warning.patch | Silence LTO related compiler warning master-service-settings-cache.c: In function 'master_service_settings_cache_init_filter': master-service-settings-cache.c:94:3: warning: 'error' may be used uninitialized in this function [-Wmaybe-uninitialized] 94 \| i_error("master-service: cannot get filters: %s", error); \| ^ master-service-settings-cache.c:89:14: note: 'error' was declared here 89 \| const char *error; \| ^ | Christian Göttsche <cgzones@googlemail.com> | no | | | 2021-06-21 |
| md4-md5-disable-optimization-causing-unaligned-access.patch | md4/md5: disable optimization causing unaligned access This restores unit tests with GCC 11 and LTO. md5.c:92:23: warning: cast from 'const unsigned char *' to 'const uint32_t *' (aka 'const unsigned int *') increases required alignment from 1 to 4 [-Wcast-align] STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7) ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~ md5.c:51:4: note: expanded from macro 'SET' (*(const uint32_t *)&ptr[(n) * 4]) ^ md5.c:37:29: note: expanded from macro 'STEP' (a) += f((b), (c), (d)) + (x) + (t); \ ^ md5.c:92:3: runtime error: load of misaligned address 0x61900000008b for type 'const uint32_t' (aka 'const unsigned int'), which requires 4 byte alignment 0x61900000008b: note: pointer points here 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 ^ | Christian Göttsche <cgzones@googlemail.com> | no | | | 2021-12-07 |
| Support-openssl-3.0.patch | Support openssl 3.0 | Michal Hlavinka | no | | https://bugzilla.redhat.com/show_bug.cgi?id=1962035 | 2022-05-11 |
| Debug-flaky-unit-test.patch | Debug flaky unit test See #1007744 | Christian Göttsche <cgzones@googlemail.com> | no | | | 2022-06-06 |
| Avoid-usage-of-PATH_MAX-not-available-on-hurd.patch | Avoid usage of PATH_MAX not available on hurd | Christian Göttsche <cgzones@googlemail.com> | no | | | 2022-06-06 |
| auth-Fix-handling-passdbs-with-identical-driver-args-but-.patch | auth: Fix handling passdbs with identical driver/args but different mechanisms/username_filter The passdb was wrongly deduplicated in this situation, causing wrong mechanisms or username_filter setting to be used. This would be a rather unlikely configuration though. Fixed by moving mechanisms and username_filter from struct passdb_module to struct auth_passdb, which is where they should have been in the first place. | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2022-05-09 |
| auth-Add-a-comment-about-updating-userdb_find.patch | auth: Add a comment about updating userdb_find() | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2022-05-16 |
| Fix-uninitialized-read-in-doveadm-oldstats.patch | Fix uninitialized read in doveadm-oldstats The third argument to doveadm_cmd_param_bool() is only set on a return value of TRUE. Since disk_input_field and disk_output_field should be set if the value of show-disk-io is specified and specified to true, fix the condition. doveadm-oldstats.c: In function 'cmd_stats_top': doveadm-oldstats.c:551:63: warning: 'b' may be used uninitialized [-Wmaybe-uninitialized] 551 \| if (!doveadm_cmd_param_bool(cctx, "show-disk-io", &b) && b) { \| ^ doveadm-oldstats.c:545:14: note: 'b' was declared here 545 \| bool b; \| ^ | Christian Göttsche <cgzones@googlemail.com> | no | | | 2022-07-23 |
| CVE-2024-23184.patch | Upstream fix for CVE-2024-23184 | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch | |
| CVE-2024-23185.patch | Upstream fix for CVE-2024-23185 | Marco Bettini <marco.bettini@open-xchange.com> | no | | | 2024-04-12 |
| CVE-2025-59031.patch | [PATCH 02/24] fts: Remove decode2text.sh The script is flawed and not fit for production use, should recommend writing your own script, or using Apache Tika. | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-01-08 |
| CVE-2025-59032.patch | managesieve-login: Fix crash when command didn't finish on the first call | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2025-12-22 |
| CVE-2026-0394-1.patch | auth: db-passwd-file - Add db_passwd_fix_path() | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2024-11-13 |
| CVE-2026-0394-2.patch | auth: db-passwd-file - Normalize path with db_passwd_fix_path() Otherwise there is a chance that we leak one ../ | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2024-11-13 |
| CVE-2026-27855-1.patch | [PATCH 21/24] auth: cache - Use translated username in auth_cache_remove() | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-03-09 |
| CVE-2026-27855-2.patch | [PATCH 22/24] auth: Move passdb event lifecycle handling to auth_request_passdb_event_(begin\|end) | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-03-11 |
| CVE-2026-27855-3.patch | [PATCH 23/24] auth: Initialize set_credentials event properly Fixes update_query | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-03-09 |
| CVE-2026-27855-4.patch | [PATCH 24/24] auth: passdb-sql - Require update_query to be set when used | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-03-11 |
| CVE-2026-27856-1.patch | [PATCH 16/24] doveadm: client-connection - Use timing safe credential check | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-03-04 |
| CVE-2026-27856-2.patch | [PATCH 17/24] doveadm: Use datastack for temporary b64 value There is no need to allocate it from connection pool. | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-03-04 |
| CVE-2026-27856-3.patch | [PATCH 18/24] doveadm: client-connection - Get API key from per-connection settings | Aki Tuomi <aki.tuomi@open-xchange.com> | no | | | 2026-03-04 |
| CVE-2026-27857-1.patch | [PATCH 1/2] plugins: imap-filter-sieve: imap-filter-sieve - Adjust to imap_parser_create() API change | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2026-03-06 |
| CVE-2026-27857-2.patch | [PATCH 12/24] lib-imap, global: Add params parameter to imap_parser_create() | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2026-03-06 |
| CVE-2026-27857-3.patch | [PATCH 13/24] lib-imap: Add imap_parser_params.list_count_limit | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2026-03-06 |
| CVE-2026-27857-4.patch | [PATCH 14/24] imap-login: Limit the number of open IMAP parser lists This prevents attackers from using a large number of '(' in a command to grow memory usage excessively. | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2026-03-06 |
| CVE-2026-27857-5.patch | [PATCH 15/24] global: Use const for struct imap_parser_params params | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2026-03-02 |
| CVE-2026-27858.patch | [PATCH 2/2] managesieve-login: Verify AUTHENTICATE initial response size isn't too large This prevents DoSing the managesieve-login by sending an excessively large initial response size, which causes a huge memory allocation. | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2026-03-02 |
| CVE-2026-27859.patch | [PATCH 03/24] lib-mail: Limit the number of RFC2231 parameters that can be parsed This avoids excessive CPU usage especially in result_append(). | Timo Sirainen <timo.sirainen@open-xchange.com> | no | | | 2026-02-24 |

All known versions for source package 'dovecot'
- 1:2.4.3+dfsg1-1 (sid)
- 1:2.4.2+dfsg1-4 (forky)
- 1:2.4.1+dfsg1-6+deb13u4 (trixie-proposed-updates, trixie-security)
- 1:2.4.1+dfsg1-6+deb13u3 (trixie)
- 1:2.3.21.1+dfsg1-1~bpo12+1 (bookworm-backports)
- 1:2.3.19.1+dfsg1-2.1+deb12u3 (bookworm-security)
- 1:2.3.19.1+dfsg1-2.1+deb12u2 (bookworm-proposed-updates)
- 1:2.3.19.1+dfsg1-2.1+deb12u1 (bookworm)
