f838a05fb9
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Add TSLv1.3 support to min_protocols. Allow configuring ssl_cipher_suites. (for TLSv1.3+)
12 lines
496 B
Diff
12 lines
496 B
Diff
diff -up dovecot-2.3.15/dovecot.service.in.waitonline dovecot-2.3.15/dovecot.service.in
|
|
--- dovecot-2.3.15/dovecot.service.in.waitonline 2021-06-21 20:19:19.560494654 +0200
|
|
+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:21:17.443066248 +0200
|
|
@@ -15,6 +15,7 @@ After=local-fs.target network-online.tar
|
|
|
|
[Service]
|
|
Type=@systemdservicetype@
|
|
+ExecStartPre=/usr/libexec/dovecot/prestartscript
|
|
ExecStart=@sbindir@/dovecot -F
|
|
ExecReload=@bindir@/doveadm reload
|
|
ExecStop=@bindir@/doveadm stop
|