Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:dovecot
User: [email protected]
Usertags: pu

The version of dovecot currently staged for inclusion in the next trixie point release inadvertently introduced a memory leak when backporting upstream's fix for CVE-2026-27857. After conversation with the security team, we decided that the leak was not severe enough to warrant a revision to the DSA, but could instead wait for the upcoming trixie point release. So that's what this request is about.

This change updates debian/patches/CVE-2026-27857-2.patch to remove a stray line "id->log_reply = str_new(default_pool, 64);". It also refreshes debian/patches/CVE-2026-27857-4.patch based on contextual changes from updating -2.

This change also pulls in an autopkgtest that was introduced in the bookworm update in DSA 6197 to detect a regression in that update.

debdiff is attached.

noah

diff -Nru dovecot-2.4.1+dfsg1/debian/changelog dovecot-2.4.1+dfsg1/debian/changelog --- dovecot-2.4.1+dfsg1/debian/changelog 2026-03-31 15:07:17.000000000 -0400 +++ dovecot-2.4.1+dfsg1/debian/changelog 2026-05-06 15:18:43.000000000 -0400 @@ -1,3 +1,10 @@ +dovecot (1:2.4.1+dfsg1-6+deb13u5) trixie; urgency=medium + + * [b357180] autopkgtests: Add managesieved authentication test + * [c9d69a1] Fix memory leak in CVE-2026-27857 fix + + -- Noah Meyerhans <[email protected]> Wed, 06 May 2026 15:18:43 -0400 + dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when diff -Nru dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch --- dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch 2026-03-31 15:07:17.000000000 -0400 +++ dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch 2026-05-05 20:14:11.000000000 -0400 @@ -20,8 +20,10 @@ src/plugins/virtual/virtual-config.c | 2 +- 13 files changed, 30 insertions(+), 19 deletions(-) ---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-client.c -+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-client.c +Index: dovecot/src/imap-login/imap-login-client.c +=================================================================== +--- dovecot.orig/src/imap-login/imap-login-client.c ++++ dovecot/src/imap-login/imap-login-client.c @@ -382,7 +382,7 @@ static int imap_client_create(struct cli imap_client->parser = imap_parser_create(imap_client->common.input, 
@@ -40,21 +42,24 @@ /* CRLF is lost from buffer when streams are reopened. */ imap_client->skip_line = FALSE; ---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-cmd-id.c -+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-cmd-id.c -@@ -346,7 +346,9 @@ int cmd_id(struct imap_client *client) +Index: dovecot/src/imap-login/imap-login-cmd-id.c +=================================================================== +--- dovecot.orig/src/imap-login/imap-login-cmd-id.c ++++ dovecot/src/imap-login/imap-login-cmd-id.c +@@ -346,7 +346,8 @@ int cmd_id(struct imap_client *client) id->params->pool = param_pool; id->parser = imap_parser_create(client->common.input, client->common.output, - IMAP_LOGIN_MAX_LINE_LENGTH); + IMAP_LOGIN_MAX_LINE_LENGTH, + NULL); -+ id->log_reply = str_new(default_pool, 64); if (client->set->imap_literal_minus) imap_parser_enable_literal_minus(id->parser); parser_flags = IMAP_PARSE_FLAG_STOP_AT_LIST; ---- dovecot-2.4.1+dfsg1.orig/src/imap/cmd-append.c -+++ dovecot-2.4.1+dfsg1/src/imap/cmd-append.c +Index: dovecot/src/imap/cmd-append.c +=================================================================== +--- dovecot.orig/src/imap/cmd-append.c ++++ dovecot/src/imap/cmd-append.c @@ -1063,7 +1063,8 @@ static bool cmd_append_full(struct clien o_stream_unset_flush_callback(client->output); @@ -65,8 +70,10 @@ if (client->set->imap_literal_minus) imap_parser_enable_literal_minus(ctx->save_parser); ---- dovecot-2.4.1+dfsg1.orig/src/imap/cmd-setmetadata.c -+++ dovecot-2.4.1+dfsg1/src/imap/cmd-setmetadata.c +Index: dovecot/src/imap/cmd-setmetadata.c +=================================================================== +--- dovecot.orig/src/imap/cmd-setmetadata.c ++++ dovecot/src/imap/cmd-setmetadata.c @@ -289,7 +289,8 @@ cmd_setmetadata_start(struct imap_setmet asynchronously the same way as APPEND does. */ client->input_lock = cmd; 
@@ -77,8 +84,10 @@ if (client->set->imap_literal_minus) imap_parser_enable_literal_minus(ctx->parser); o_stream_unset_flush_callback(client->output); ---- dovecot-2.4.1+dfsg1.orig/src/imap/imap-client.c -+++ dovecot-2.4.1+dfsg1/src/imap/imap-client.c +Index: dovecot/src/imap/imap-client.c +=================================================================== +--- dovecot.orig/src/imap/imap-client.c ++++ dovecot/src/imap/imap-client.c @@ -975,7 +975,8 @@ client_command_new(struct client *client } else { cmd->parser = @@ -89,8 +98,10 @@ if (client->set->imap_literal_minus) imap_parser_enable_literal_minus(cmd->parser); } ---- dovecot-2.4.1+dfsg1.orig/src/lib-imap-client/imapc-connection.c -+++ dovecot-2.4.1+dfsg1/src/lib-imap-client/imapc-connection.c +Index: dovecot/src/lib-imap-client/imapc-connection.c +=================================================================== +--- dovecot.orig/src/lib-imap-client/imapc-connection.c ++++ dovecot/src/lib-imap-client/imapc-connection.c @@ -1876,7 +1876,8 @@ static void imapc_connection_connect_nex o_stream_set_flush_callback(conn->output, imapc_connection_connected, conn); @@ -101,8 +112,10 @@ conn->to = timeout_add(conn->client->set->imapc_connection_timeout_interval_msecs, imapc_connection_timeout, conn); conn->to_output = timeout_add(conn->client->set->imapc_max_idle_time_secs*1000, ---- dovecot-2.4.1+dfsg1.orig/src/lib-imap-storage/imap-msgpart.c -+++ dovecot-2.4.1+dfsg1/src/lib-imap-storage/imap-msgpart.c +Index: dovecot/src/lib-imap-storage/imap-msgpart.c +=================================================================== +--- dovecot.orig/src/lib-imap-storage/imap-msgpart.c ++++ dovecot/src/lib-imap-storage/imap-msgpart.c @@ -149,7 +149,7 @@ imap_msgpart_get_header_fields(pool_t po int result = 0; 
@@ -112,8 +125,10 @@ if (imap_parser_finish_line(parser, 0, 0, &args) > 0 && imap_arg_get_list_full(args, &hdr_list, &list_count) && ---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-bodystructure.c -+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-bodystructure.c +Index: dovecot/src/lib-imap/imap-bodystructure.c +=================================================================== +--- dovecot.orig/src/lib-imap/imap-bodystructure.c ++++ dovecot/src/lib-imap/imap-bodystructure.c @@ -722,7 +722,7 @@ int imap_bodystructure_parse_full(const input = i_stream_create_from_data(bodystructure, strlen(bodystructure)); (void)i_stream_read(input); @@ -132,8 +147,10 @@ ret = imap_parser_finish_line(parser, 0, IMAP_PARSE_FLAG_NO_UNESCAPE | IMAP_PARSE_FLAG_LITERAL_TYPE, &args); if (ret < 0) { ---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-envelope.c -+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-envelope.c +Index: dovecot/src/lib-imap/imap-envelope.c +=================================================================== +--- dovecot.orig/src/lib-imap/imap-envelope.c ++++ dovecot/src/lib-imap/imap-envelope.c @@ -222,7 +222,7 @@ bool imap_envelope_parse(const char *env input = i_stream_create_from_data(envelope, strlen(envelope)); (void)i_stream_read(input); @@ -143,8 +160,10 @@ ret = imap_parser_finish_line(parser, 0, IMAP_PARSE_FLAG_LITERAL_TYPE, &args); if (ret < 0) { ---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-parser.c -+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-parser.c +Index: dovecot/src/lib-imap/imap-parser.c +=================================================================== +--- dovecot.orig/src/lib-imap/imap-parser.c ++++ dovecot/src/lib-imap/imap-parser.c @@ -69,7 +69,8 @@ struct imap_parser { struct imap_parser * 
@@ -155,8 +174,10 @@ { struct imap_parser *parser; ---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-parser.h -+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-parser.h +Index: dovecot/src/lib-imap/imap-parser.h +=================================================================== +--- dovecot.orig/src/lib-imap/imap-parser.h ++++ dovecot/src/lib-imap/imap-parser.h @@ -38,6 +38,9 @@ enum imap_parser_error { IMAP_PARSE_ERROR_LITERAL_TOO_BIG }; @@ -177,8 +198,10 @@ void imap_parser_ref(struct imap_parser *parser); void imap_parser_unref(struct imap_parser **parser); ---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/test-imap-parser.c -+++ dovecot-2.4.1+dfsg1/src/lib-imap/test-imap-parser.c +Index: dovecot/src/lib-imap/test-imap-parser.c +=================================================================== +--- dovecot.orig/src/lib-imap/test-imap-parser.c ++++ dovecot/src/lib-imap/test-imap-parser.c @@ -16,7 +16,7 @@ static void test_imap_parser_crlf(void) test_begin("imap parser crlf handling"); @@ -215,8 +238,10 @@ ret = imap_parser_read_command_name(parser, &atom); test_assert_idx(ret == tests[i].ret, i); test_assert_idx(ret <= 0 || strcmp(tests[i].tag, atom) == 0, i); ---- dovecot-2.4.1+dfsg1.orig/src/plugins/virtual/virtual-config.c -+++ dovecot-2.4.1+dfsg1/src/plugins/virtual/virtual-config.c +Index: dovecot/src/plugins/virtual/virtual-config.c +=================================================================== +--- dovecot.orig/src/plugins/virtual/virtual-config.c ++++ dovecot/src/plugins/virtual/virtual-config.c @@ -54,7 +54,7 @@ virtual_search_args_parse(const string_t input = i_stream_create_from_data(str_data(rule), str_len(rule)); (void)i_stream_read(input); diff -Nru dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch --- dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch 2026-03-31 15:07:17.000000000 -0400 +++ dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch 2026-05-05 20:33:28.000000000 -0400 
@@ -11,8 +11,10 @@ src/imap-login/imap-login-cmd-id.c | 6 +++++- 3 files changed, 17 insertions(+), 3 deletions(-) ---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-client.c -+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-client.c +Index: dovecot/src/imap-login/imap-login-client.c +=================================================================== +--- dovecot.orig/src/imap-login/imap-login-client.c ++++ dovecot/src/imap-login/imap-login-client.c @@ -379,10 +379,13 @@ static int imap_client_create(struct cli return -1; } @@ -44,8 +46,10 @@ /* CRLF is lost from buffer when streams are reopened. */ imap_client->skip_line = FALSE; ---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-client.h -+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-client.h +Index: dovecot/src/imap-login/imap-login-client.h +=================================================================== +--- dovecot.orig/src/imap-login/imap-login-client.h ++++ dovecot/src/imap-login/imap-login-client.h @@ -11,6 +11,10 @@ /* maximum length for IMAP command line. */ #define IMAP_LOGIN_MAX_LINE_LENGTH 8192 @@ -57,8 +61,10 @@ enum imap_client_id_state { IMAP_CLIENT_ID_STATE_LIST = 0, IMAP_CLIENT_ID_STATE_KEY, ---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-cmd-id.c -+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-cmd-id.c +Index: dovecot/src/imap-login/imap-login-cmd-id.c +=================================================================== +--- dovecot.orig/src/imap-login/imap-login-cmd-id.c ++++ dovecot/src/imap-login/imap-login-cmd-id.c @@ -344,10 +344,14 @@ int cmd_id(struct imap_client *client) client->cmd_id = id = i_new(struct imap_client_cmd_id, 1); id->params = p_new(param_pool, struct imap_id_params, 1); 
@@ -72,6 +78,6 @@ IMAP_LOGIN_MAX_LINE_LENGTH, - NULL); + ¶ms); - id->log_reply = str_new(default_pool, 64); if (client->set->imap_literal_minus) imap_parser_enable_literal_minus(id->parser); + parser_flags = IMAP_PARSE_FLAG_STOP_AT_LIST; diff -Nru dovecot-2.4.1+dfsg1/debian/tests/control dovecot-2.4.1+dfsg1/debian/tests/control --- dovecot-2.4.1+dfsg1/debian/tests/control 2026-03-06 15:20:26.000000000 -0500 +++ dovecot-2.4.1+dfsg1/debian/tests/control 2026-05-05 20:12:28.000000000 -0400 @@ -6,7 +6,7 @@ Depends: dovecot-core, systemd-sysv Test-Command: run-parts --report --exit-on-error debian/tests/usage -Depends: dovecot-imapd, dovecot-pop3d, python3 +Depends: dovecot-imapd, dovecot-pop3d, dovecot-managesieved, sieve-connect, python3 Restrictions: needs-root, breaks-testbed, allow-stderr Tests: testmails diff -Nru dovecot-2.4.1+dfsg1/debian/tests/usage/sieve dovecot-2.4.1+dfsg1/debian/tests/usage/sieve --- dovecot-2.4.1+dfsg1/debian/tests/usage/sieve 1969-12-31 19:00:00.000000000 -0500 +++ dovecot-2.4.1+dfsg1/debian/tests/usage/sieve 2026-05-05 20:12:28.000000000 -0400 @@ -0,0 +1,8 @@ +#!/usr/bin/bash +# Validate managesieved authentication + +user=dep8 +pass=test + +sieve-connect --notlsverify --debug -s localhost \ + -p 4190 -u "$user" --list --passwordfd 3 3< <(echo "$pass")
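Review bot: In debian/patches/CVE-2026-27857-2.patch, the cmd_id() hunk for src/imap-login/imap-login-cmd-id.c drops "id->log_reply = str_new(default_pool, 64);", and the refreshed -4 patch drops the same line from its context, but none of the visible hunks show where id->log_reply is allocated or freed once the whole series is applied. Please confirm, and ideally record in the patch header, that another patch in the series still allocates log_reply before first use, so that removing the duplicate cannot trade the leak for a NULL dereference. Separately, the refresh rewrote every file header in both patches from the "--- dovecot-2.4.1+dfsg1.orig/..." style to the "Index: dovecot/..." style, which buries the one functional line among a dozen header-only hunks. Refreshing with the original header style would keep the point-release debdiff down to the lines that matter. The added argument shown as "¶ms" in the last -4 hunk appears to be "&params" with the ampersand sequence mangled in this rendering.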
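Review bot: The new debian/tests/usage/sieve script authenticates as user=dep8 with pass=test against localhost port 4190, but it neither creates that account nor checks that managesieved is listening. It relies on whatever else runs under "run-parts --report --exit-on-error debian/tests/usage" having done so first, and run-parts ordering is by file name. Add a comment naming the script that provisions the dep8 account, or give the files an explicit ordering prefix, so that a later rename cannot break the test without anyone noticing why. The script also has no "set -eu". That is harmless while sieve-connect is the last and only command, but worth adding before anyone appends steps after it. The debian/tests/control change correctly adds dovecot-managesieved and sieve-connect to Depends, and the existing allow-stderr restriction covers the --debug output.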
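Review bot: The debian/changelog entry "[c9d69a1] Fix memory leak in CVE-2026-27857 fix" does not say which patch was changed or what was removed, and it carries no "Closes:" reference to the bug being filed here. Consider naming debian/patches/CVE-2026-27857-2.patch and the dropped str_new() allocation in cmd_id(), and noting that -4 was refreshed for context only, so the point-release changelog stands on its own without the debdiff.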

