Version in base suite: 2.4.1+dfsg1-6+deb13u2 Base version: dovecot_2.4.1+dfsg1-6+deb13u2 Target version: dovecot_2.4.1+dfsg1-6+deb13u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/d/dovecot/dovecot_2.4.1+dfsg1-6+deb13u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/d/dovecot/dovecot_2.4.1+dfsg1-6+deb13u3.dsc changelog | 10 + patches/0001-trash-Use-mailbox-event-in-trash_try_mailbox-for-set.patch | 63 ++++++++++ patches/acl-Fix-crash-when-group-ACLs-are-used-but-user-s-ac.patch | 28 ++++ patches/bug1121000_dovecot-ldap_Crash_if_iterate_filter_is_set_but_iterate_fields_is_not_set.patch | 28 ++++ patches/series | 3 5 files changed, 132 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpy2mzn4zi/dovecot_2.4.1+dfsg1-6+deb13u2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpy2mzn4zi/dovecot_2.4.1+dfsg1-6+deb13u3.dsc: no acceptable signature found diff -Nru dovecot-2.4.1+dfsg1/debian/changelog dovecot-2.4.1+dfsg1/debian/changelog --- dovecot-2.4.1+dfsg1/debian/changelog 2025-10-23 14:01:33.000000000 +0000 +++ dovecot-2.4.1+dfsg1/debian/changelog 2026-03-06 14:36:28.000000000 +0000 @@ -1,3 +1,13 @@ +dovecot (1:2.4.1+dfsg1-6+deb13u3) trixie; urgency=medium + + * [1186296] import upstream fix for possible crash in ldap userdb + (Closes: #1121000) + * [14c13a5] backport upstream fix for crash in trash plugin (Closes: #1127029) + * [95bf3b3] Backport fix for segfault when group ACLs are present but the + user has no groups (Closes: #1129952) + + -- Noah Meyerhans Fri, 06 Mar 2026 09:36:28 -0500 + dovecot (1:2.4.1+dfsg1-6+deb13u2) trixie; urgency=medium * [6ac2883] Clean up a few typos in default/example config (Closes: #1112667) diff -Nru dovecot-2.4.1+dfsg1/debian/patches/0001-trash-Use-mailbox-event-in-trash_try_mailbox-for-set.patch dovecot-2.4.1+dfsg1/debian/patches/0001-trash-Use-mailbox-event-in-trash_try_mailbox-for-set.patch --- dovecot-2.4.1+dfsg1/debian/patches/0001-trash-Use-mailbox-event-in-trash_try_mailbox-for-set.patch 1970-01-01 00:00:00.000000000 +0000 +++ dovecot-2.4.1+dfsg1/debian/patches/0001-trash-Use-mailbox-event-in-trash_try_mailbox-for-set.patch 2026-03-06 14:36:28.000000000 +0000 @@ -0,0 +1,63 @@ +From 06af53902479572fc96f04b4372fdabb9d01996b Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Fri, 9 Jan 2026 13:31:42 +0200 +Subject: [PATCH] trash: Use mailbox event in trash_try_mailbox() for settings +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127029 + +--- + src/plugins/trash/trash-plugin.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/src/plugins/trash/trash-plugin.c b/src/plugins/trash/trash-plugin.c +index 827ba91ec5..7865de2ef6 100644 +--- a/src/plugins/trash/trash-plugin.c ++++ b/src/plugins/trash/trash-plugin.c +@@ -570,14 +570,13 @@ static int trash_mailbox_priority_cmp(const struct trash_mailbox *t1, + return strcmp(t1->name, t2->name); + } + +-static int trash_try_mailbox(struct mail_namespace *ns, const char *box_name, ++static int trash_try_mailbox(struct mail_namespace *ns, struct event *mbox_event, + const char **error_r) + { + struct trash_user *tuser = TRASH_USER_CONTEXT_REQUIRE(ns->user); + const struct trash_settings *trash_set; +- if (settings_try_get_filter(ns->list->event, "mailbox", box_name, +- &trash_setting_parser_info, 0, +- &trash_set, error_r) < 0) ++ if (settings_get(mbox_event, &trash_setting_parser_info, 0, ++ &trash_set, error_r) < 0) + return -1; + unsigned int trash_priority = trash_set->trash_priority; + settings_free(trash_set); +@@ -586,9 +585,8 @@ static int trash_try_mailbox(struct mail_namespace *ns, const char *box_name, + return 0; + + const struct mailbox_settings *box_set; +- if (settings_try_get_filter(ns->list->event, "mailbox", box_name, +- &mailbox_setting_parser_info, 0, +- &box_set, error_r) < 0) ++ if (settings_get(mbox_event, &mailbox_setting_parser_info, 0, ++ &box_set, error_r) < 0) + return -1; + + const char *vname = +@@ -618,10 +616,14 @@ static int trash_find_mailboxes(struct mail_user *user) + continue; + + array_foreach_elem(&ns->set->mailboxes, box_name) { +- if (trash_try_mailbox(ns, box_name, &error) < 0) { ++ struct event *mbox_event = ++ mail_storage_mailbox_create_event(ns->list->event, ns->list, box_name); ++ if (trash_try_mailbox(ns, mbox_event, &error) < 0) { + user->error = p_strdup(user->pool, error); ++ event_unref(&mbox_event); + return -1; + } ++ event_unref(&mbox_event); + } + } + +-- +2.47.3 + diff -Nru dovecot-2.4.1+dfsg1/debian/patches/acl-Fix-crash-when-group-ACLs-are-used-but-user-s-ac.patch dovecot-2.4.1+dfsg1/debian/patches/acl-Fix-crash-when-group-ACLs-are-used-but-user-s-ac.patch --- dovecot-2.4.1+dfsg1/debian/patches/acl-Fix-crash-when-group-ACLs-are-used-but-user-s-ac.patch 1970-01-01 00:00:00.000000000 +0000 +++ dovecot-2.4.1+dfsg1/debian/patches/acl-Fix-crash-when-group-ACLs-are-used-but-user-s-ac.patch 2026-03-06 14:36:28.000000000 +0000 @@ -0,0 +1,28 @@ +From 003bf9a6959714e0f696f0015c8c712e89962b9b Mon Sep 17 00:00:00 2001 +From: Marco Bettini +Date: Thu, 28 Aug 2025 15:09:56 +0000 +Subject: [PATCH] acl: Fix crash when group ACLs are used, but user's + acl_groups is empty +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129952 + +--- + src/plugins/acl/acl-backend.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/plugins/acl/acl-backend.c b/src/plugins/acl/acl-backend.c +index 2ad901cd96..cc08d702dd 100644 +--- a/src/plugins/acl/acl-backend.c ++++ b/src/plugins/acl/acl-backend.c +@@ -155,7 +155,8 @@ bool acl_backend_user_name_equals(struct acl_backend *backend, + bool acl_backend_user_is_in_group(struct acl_backend *backend, + const char *group_name) + { +- return array_bsearch(&backend->set->acl_groups, group_name, ++ return array_not_empty(&backend->set->acl_groups) && ++ array_bsearch(&backend->set->acl_groups, group_name, + search_strcmp) != NULL; + } + +-- +2.47.3 + diff -Nru dovecot-2.4.1+dfsg1/debian/patches/bug1121000_dovecot-ldap_Crash_if_iterate_filter_is_set_but_iterate_fields_is_not_set.patch dovecot-2.4.1+dfsg1/debian/patches/bug1121000_dovecot-ldap_Crash_if_iterate_filter_is_set_but_iterate_fields_is_not_set.patch --- dovecot-2.4.1+dfsg1/debian/patches/bug1121000_dovecot-ldap_Crash_if_iterate_filter_is_set_but_iterate_fields_is_not_set.patch 1970-01-01 00:00:00.000000000 +0000 +++ dovecot-2.4.1+dfsg1/debian/patches/bug1121000_dovecot-ldap_Crash_if_iterate_filter_is_set_but_iterate_fields_is_not_set.patch 2026-03-05 01:13:48.000000000 +0000 @@ -0,0 +1,28 @@ +From 576a2f52bff4c13971d9e6d1172857a4f18ddd14 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Thu, 6 Nov 2025 14:52:37 +0200 +Subject: [PATCH] auth: ldap - Fix crash if users are iterated, but + userdb_ldap_iterate_fields is not set +Bug-Debian: https://bugs.debian.org/1121000 +--- + src/auth/userdb-ldap.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c +index 7d6d2bc38a..7aad2db74f 100644 +--- a/src/auth/userdb-ldap.c ++++ b/src/auth/userdb-ldap.c +@@ -201,8 +201,11 @@ static void userdb_ldap_iterate_callback(struct ldap_connection *conn, + &set, &error) < 0) { + e_error(event, "%s", error); + ctx->ctx.failed = TRUE; +- } +- else { ++ } else if (!array_is_created(&set->iterate_fields)) { ++ e_error(event, "iterate: No userdb_ldap_iterate_fields specified"); ++ ctx->ctx.failed = TRUE; ++ settings_free(set); ++ } else { + unsigned int count; + const char *const *items = array_get(&set->iterate_fields, &count); + for (unsigned int ndx = 0; ndx < count - 1;) { diff -Nru dovecot-2.4.1+dfsg1/debian/patches/series dovecot-2.4.1+dfsg1/debian/patches/series --- dovecot-2.4.1+dfsg1/debian/patches/series 2025-10-23 14:01:33.000000000 +0000 +++ dovecot-2.4.1+dfsg1/debian/patches/series 2026-03-06 14:36:12.000000000 +0000 @@ -29,3 +29,6 @@ auth__Use_AUTH_CACHE_KEY_USER_instead_of_per-database.patch auth__Terminate_properly_auth_oauth2_post_setting_defines.patch lib-sieve_sieve-script_c_sieve_script_create_common_Correctly_handle_errors.patch +bug1121000_dovecot-ldap_Crash_if_iterate_filter_is_set_but_iterate_fields_is_not_set.patch +0001-trash-Use-mailbox-event-in-trash_try_mailbox-for-set.patch +acl-Fix-crash-when-group-ACLs-are-used-but-user-s-ac.patch