diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2025-12-24 13:19:27 +0530 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2025-12-30 07:08:12 +0530 |
| commit | 50906d9169dc8055acd279706357d13c8f38c102 (patch) | |
| tree | c220cec95bcd0a88738f50654c427b29278edb6b /meta-networking | |
| parent | 19d7eedf67ea1b8fe27790366d98a7e888cb839a (diff) | |
| download | meta-openembedded-50906d9169dc8055acd279706357d13c8f38c102.tar.gz | |
dovecot: upgrade 2.3.21 -> 2.3.21.1
Release Notes:
- CVE-2024-23184: A large number of address headers in email resulted
in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
discarded, with a limit of 10MB on a single header and 50MB for all
the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
to introspection server. These need to be optionally in Basic auth
instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
from token, but was configured on Dovecot.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb (renamed from meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb b/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb index c626f26457..48e1e8a832 100644 --- a/meta-networking/recipes-support/dovecot/dovecot_2.3.21.bb +++ b/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb | |||
| @@ -13,7 +13,7 @@ SRC_URI = "http://dovecot.org/releases/2.3/dovecot-${PV}.tar.gz \ | |||
| 13 | file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \ | 13 | file://0001-m4-Check-for-libunwind-instead-of-libunwind-generic.patch \ |
| 14 | file://0001-auth-Fix-handling-passdbs-with-identical-driver-args.patch \ | 14 | file://0001-auth-Fix-handling-passdbs-with-identical-driver-args.patch \ |
| 15 | " | 15 | " |
| 16 | SRC_URI[sha256sum] = "05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d" | 16 | SRC_URI[sha256sum] = "2d90a178c4297611088bf7daae5492a3bc3d5ab6328c3a032eb425d2c249097e" |
| 17 | 17 | ||
| 18 | DEPENDS = "openssl xz zlib bzip2 libcap icu libtirpc bison-native" | 18 | DEPENDS = "openssl xz zlib bzip2 libcap icu libtirpc bison-native" |
| 19 | CFLAGS += "-I${STAGING_INCDIR}/tirpc" | 19 | CFLAGS += "-I${STAGING_INCDIR}/tirpc" |
