From: Ankur Tyagi <[email protected]>

Release Notes:
- CVE-2024-23184: A large number of address headers in email resulted
  in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
  discarded, with a limit of 10MB on a single header and 50MB for all
  the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
  to introspection server. These need to be optionally in Basic auth
  instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
  required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
  protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
  from token, but was configured on Dovecot.

Signed-off-by: Ankur Tyagi <[email protected]>
---
 .../dovecot/{dovecot_2.3.21.bb => dovecot_2.3.21.1.bb}          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/dovecot/{dovecot_2.3.21.bb => 
dovecot_2.3.21.1.bb} (97%)

diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb 
b/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb
similarity index 97%
rename from meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb
rename to meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb
index c626f26457..48e1e8a832 100644
--- a/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb
@@ -13,7 +13,7 @@ SRC_URI = 
"http://dovecot.org/releases/2.3/dovecot-${PV}.tar.gz \
            
file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \
            
file://0001-auth-Fix-handling-passdbs-with-identical-driver-args.patch \
            "
-SRC_URI[sha256sum] = 
"05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d"
+SRC_URI[sha256sum] = 
"2d90a178c4297611088bf7daae5492a3bc3d5ab6328c3a032eb425d2c249097e"
 
 DEPENDS = "openssl xz zlib bzip2 libcap icu libtirpc bison-native"
 CFLAGS += "-I${STAGING_INCDIR}/tirpc"
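
Review bot: The SRC_URI context line at the top of this hunk still fetches the tarball over plain http://dovecot.org/releases/2.3/, so the updated SRC_URI[sha256sum] is the only integrity control on a download that carries two CVE fixes. Consider switching the URL to https:// in the same change, and state in the commit message how the new checksum was verified (for example against the upstream release signature) so that reviewers do not have to trust the value as posted.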