Marcus Rueckert
cc01911aa8
https://github.com/dovecot/core/releases/tag/2.4.0 https://github.com/dovecot/pigeonhole/releases/tag/2.4.0 New 2.4 packages are not compatible with old 2.3 configuration, please carefully review https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html before installing the new packages. https://doc.dovecot.org/2.4.0/installation/installation.html - Add dovecot-link-icu76.patch: configure: Explicitly check for icu-uc Ensure we link against libicu-uc when it's split in v76 (boo#1233582). - Call autoreconf in build section, as above patch touches the build system. - update to 2.3.21.1 and pigeonhole 0.5.21.1 Dovecot 2.3.21.1 - CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. [boo#1229184] - CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email. [boo#1229183] - oauth2: Dovecot would send client_id and client_secret as POST parameters to introspection server. These need to be optionally in Basic auth instead as required by OIDC specification. - oauth2: JWT key type check was too strict. - oauth2: JWT token audience was not validated against client_id as required by OIDC specification. - oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol specific error message on all errors. This broke OIDC discovery. OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot24?expand=0&rev=1
2 lines
5 B
Plaintext
2 lines
5 B
Plaintext
.osc
|