mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
Files
f243689cda24339af92d3b293e0138dafeb2e4e8
meta-openembedded/meta-networking/recipes-support/dovecot
T
History
Ankur Tyagi 50906d9169 dovecot: upgrade 2.3.21 -> 2.3.21.1 
Release Notes:
- CVE-2024-23184: A large number of address headers in email resulted
  in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
  discarded, with a limit of 10MB on a single header and 50MB for all
  the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
  to introspection server. These need to be optionally in Basic auth
  instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
  required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
  protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
  from token, but was configured on Dovecot.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:12 +05:30
..
dovecot
dovecot: patch CVE-2022-30550
2025-10-06 16:10:53 +08:00
dovecot_2.3.21.1.bb
dovecot: upgrade 2.3.21 -> 2.3.21.1
2025-12-30 07:08:12 +05:30