Author: Matthias Klose
Revision Date: 2015-09-14 13:58:42 UTC

* Merge with Debian (after 552 days); remaining changes:
  + Add mail-stack-delivery package:
    - Update d/rules
    - d/control: convert existing dovecot-postfix package to a dummy
      package and add new mail-stack-delivery package.
    - Update maintainer scripts.
    - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
    - d/mail-stack-delivery.preinst: Move previously installed backups and
      config files to a new package namespace.
    - d/mail-stack-delivery.prerm: Added to handle downgrades.
  + Use Snakeoil SSL certificates by default:
    - d/control: Depend on ssl-cert.
  + Add autopkgtest to debian/tests/*.
  + Add ufw integration:
    - d/dovecot-core.ufw.profile: new ufw profile.
    - d/rules: install profile in dovecot-core.
    - d/control: dovecot-core - suggest ufw.
  + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
  + Add apport hook:
    - d/rules, d/source_dovecot.py
  + Add upstart job:
    - d/rules, d/dovecot-core.dovecot.upstart, d/control,
      d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
      d/dovecot-pop3d.{postinst, postrm, prerm}.
      d/mail-stack-deliver.postinst: Convert init script to upstart.
  + d/control: Drop dovecot-postfix package as its no longer required.
  + Rename init.d script to work with the dh_installinit --name option, so
    that it comes back.
* Drop build dependency on libstemmer-dev (universe).

Author: Matthias Klose
Revision Date: 2015-09-14 13:58:42 UTC

* Merge with Debian (after 552 days); remaining changes:
  + Add mail-stack-delivery package:
    - Update d/rules
    - d/control: convert existing dovecot-postfix package to a dummy
      package and add new mail-stack-delivery package.
    - Update maintainer scripts.
    - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
    - d/mail-stack-delivery.preinst: Move previously installed backups and
      config files to a new package namespace.
    - d/mail-stack-delivery.prerm: Added to handle downgrades.
  + Use Snakeoil SSL certificates by default:
    - d/control: Depend on ssl-cert.
  + Add autopkgtest to debian/tests/*.
  + Add ufw integration:
    - d/dovecot-core.ufw.profile: new ufw profile.
    - d/rules: install profile in dovecot-core.
    - d/control: dovecot-core - suggest ufw.
  + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
  + Add apport hook:
    - d/rules, d/source_dovecot.py
  + Add upstart job:
    - d/rules, d/dovecot-core.dovecot.upstart, d/control,
      d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
      d/dovecot-pop3d.{postinst, postrm, prerm}.
      d/mail-stack-deliver.postinst: Convert init script to upstart.
  + d/control: Drop dovecot-postfix package as its no longer required.
  + Rename init.d script to work with the dh_installinit --name option, so
    that it comes back.
* Drop build dependency on libstemmer-dev (universe).

Author: Marc Deslauriers
Revision Date: 2014-10-27 12:46:22 UTC

* Backport support for the ssl_protocols setting to easily allow
  disabling SSLv3. (LP: #1381537)
  - debian/patches/backport_ssl_protocols.patch: added new setting to
    src/login-common/login-settings.c, src/login-common/login-settings.h,
    src/login-common/ssl-proxy-openssl.c, src/config/all-settings.c.

Author: Marc Deslauriers
Revision Date: 2014-10-27 12:46:22 UTC

* Backport support for the ssl_protocols setting to easily allow
  disabling SSLv3. (LP: #1381537)
  - debian/patches/backport_ssl_protocols.patch: added new setting to
    src/login-common/login-settings.c, src/login-common/login-settings.h,
    src/login-common/ssl-proxy-openssl.c, src/config/all-settings.c.

Author: Martin Pitt
Revision Date: 2014-09-03 09:50:41 UTC

No-change rebuild against current debhelper to drop unnecessary upstart
dependency. (LP: #1351306)

Author: Martin Pitt
Revision Date: 2014-09-03 09:50:41 UTC

No-change rebuild against current debhelper to drop unnecessary upstart
dependency. (LP: #1351306)

Author: Martin Pitt
Revision Date: 2014-09-03 09:50:41 UTC

No-change rebuild against current debhelper to drop unnecessary upstart
dependency. (LP: #1351306)

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:14:05 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:17:19 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:18:14 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:14:05 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:17:19 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:18:14 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.h.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:18:55 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/login-common/client-common.c,
    src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.*.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:20:49 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/imap-login/client.c, src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.*, src/pop3-login/client.c.
  - CVE-2014-3430

Author: Marc Deslauriers
Revision Date: 2014-05-14 13:20:49 UTC

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/imap-login/client.c, src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.*, src/pop3-login/client.c.
  - CVE-2014-3430

Author: James Page
Revision Date: 2014-03-07 12:42:58 UTC

d/dovecot-core.config: Drop db_input for ssl-cert-exists; this message
not actually an error, is documented in the README.Debian, and blocks
automated upgrades (LP: #1278897).

Author: James Page
Revision Date: 2014-03-07 12:42:58 UTC

d/dovecot-core.config: Drop db_input for ssl-cert-exists; this message
not actually an error, is documented in the README.Debian, and blocks
automated upgrades (LP: #1278897).

Author: Colin Watson
Revision Date: 2013-10-10 11:55:27 UTC

Use the autotools-dev dh addon to update config.guess/config.sub for
arm64.

Author: Colin Watson
Revision Date: 2013-10-10 11:55:27 UTC

Use the autotools-dev dh addon to update config.guess/config.sub for
arm64.

Author: Yolanda Robla
Revision Date: 2013-06-25 14:14:40 UTC

updated dependencies

Author: James Page
Revision Date: 2013-02-11 12:41:24 UTC

[ James Page ]
* Merge from Debian unstable (LP: #1117613, #1075456), remaining changes:
  + Add mail-stack-delivery package:
    - Update d/rules
    - d/control: convert existing dovecot-postfix package to a dummy
      package and add new mail-stack-delivery package.
    - Update maintainer scripts.
    - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
    - d/mail-stack-delivery.preinst: Move previously installed backups and
      config files to a new package namespace.
    - d/mail-stack-delivery.prerm: Added to handle downgrades.
  + Use Snakeoil SSL certificates by default:
    - d/control: Depend on ssl-cert.
    - d/dovecot-core.postinst: Relax grep for SSL_* a bit.
  + Add autopkgtest to debian/tests/*.
  + Add ufw integration:
    - d/dovecot-core.ufw.profile: new ufw profile.
    - d/rules: install profile in dovecot-core.
    - d/control: dovecot-core - suggest ufw.
  + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
  + Add apport hook:
    - d/rules, d/source_dovecot.py
  + Add upstart job:
    - d/rules, d/dovecot-core.dovecot.upstart, d/control,
      d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
      d/dovecot-pop3d.{postinst, postrm, prerm}.
      d/mail-stack-deliver.postinst: Convert init script to upstart.
  + d/control: Added Pre-Depends: dpkg (>= 1.15.6) to dovecot-dbg to support
    xz compression in Ubuntu.
  + d/control: Demote dovecot-common Recommends: to Suggests: to prevent
    install of extra packages on upgrade.
  + d/patches/dovecot-drac.patch: Updated with version for dovecot >= 2.0.0.
* Dropped changes, included in Debian:
  + d/{control,rules}: enable PIE hardening.
  + d/control: Drop B-D on systemd.
* d/p/mail-stack-delivery.postinst: Updated to ensure that configured SSL
  cert and key locations are used when configuring postfix, sorted out
  formatting.
* d/p/dovecot-core.postinst: Create compat links to old style, existing
  SSL cert and key if found.
* d/rules: Don't pass hardening flags for DRAC plugin.
* d/dovecot-{pop3d,imapd}.prerm: Re-sync with Debian.
* d/dovecot-core.lintian-overrides: Drop override for DRAC plugin as not
  required in Ubuntu.
* d/01-mail-stack-delivery: Renamed 99-mail-stack-delivery to ensure that
  the mail-stack-delivery configuration overrides configuration options
  set elsewhere, updated with new cert/key file locations.

[ Ante Karamatic ]
* Change configuration file for LDA on new installs and upgrades
  (LP: #671065).

Author: James Page
Revision Date: 2013-02-11 12:41:24 UTC

[ James Page ]
* Merge from Debian unstable (LP: #1117613, #1075456), remaining changes:
  + Add mail-stack-delivery package:
    - Update d/rules
    - d/control: convert existing dovecot-postfix package to a dummy
      package and add new mail-stack-delivery package.
    - Update maintainer scripts.
    - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
    - d/mail-stack-delivery.preinst: Move previously installed backups and
      config files to a new package namespace.
    - d/mail-stack-delivery.prerm: Added to handle downgrades.
  + Use Snakeoil SSL certificates by default:
    - d/control: Depend on ssl-cert.
    - d/dovecot-core.postinst: Relax grep for SSL_* a bit.
  + Add autopkgtest to debian/tests/*.
  + Add ufw integration:
    - d/dovecot-core.ufw.profile: new ufw profile.
    - d/rules: install profile in dovecot-core.
    - d/control: dovecot-core - suggest ufw.
  + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
  + Add apport hook:
    - d/rules, d/source_dovecot.py
  + Add upstart job:
    - d/rules, d/dovecot-core.dovecot.upstart, d/control,
      d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
      d/dovecot-pop3d.{postinst, postrm, prerm}.
      d/mail-stack-deliver.postinst: Convert init script to upstart.
  + d/control: Added Pre-Depends: dpkg (>= 1.15.6) to dovecot-dbg to support
    xz compression in Ubuntu.
  + d/control: Demote dovecot-common Recommends: to Suggests: to prevent
    install of extra packages on upgrade.
  + d/patches/dovecot-drac.patch: Updated with version for dovecot >= 2.0.0.
* Dropped changes, included in Debian:
  + d/{control,rules}: enable PIE hardening.
  + d/control: Drop B-D on systemd.
* d/p/mail-stack-delivery.postinst: Updated to ensure that configured SSL
  cert and key locations are used when configuring postfix, sorted out
  formatting.
* d/p/dovecot-core.postinst: Create compat links to old style, existing
  SSL cert and key if found.
* d/rules: Don't pass hardening flags for DRAC plugin.
* d/dovecot-{pop3d,imapd}.prerm: Re-sync with Debian.
* d/dovecot-core.lintian-overrides: Drop override for DRAC plugin as not
  required in Ubuntu.
* d/01-mail-stack-delivery: Renamed 99-mail-stack-delivery to ensure that
  the mail-stack-delivery configuration overrides configuration options
  set elsewhere, updated with new cert/key file locations.

[ Ante Karamatic ]
* Change configuration file for LDA on new installs and upgrades
  (LP: #671065).

Author: James Page
Revision Date: 2012-12-13 14:17:24 UTC

d/control: Enable autopkgtest.

Author: Clint Byrum
Revision Date: 2012-08-09 12:22:52 UTC

d/dovecot-core.dovecot.upstart: Respawn to handle unexpected but
recoverable problems. (LP: #718188)

Author: James Page
Revision Date: 2012-04-04 14:56:38 UTC

* New upstream release (LP: #970782).
* Merge from Debian testing, remaining changes:
  + Add mail-stack-delivery package:
    - Update d/rules
    - d/control: convert existing dovecot-postfix package to a dummy
      package and add new mail-stack-delivery package.
    - Update maintainer scripts.
    - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
    - d/mail-stack-delivery.preinst: Move previously installed backups and
      config files to a new package namespace.
    - d/mail-stack-delivery.prerm: Added to handle downgrades.
  + Use Snakeoil SSL certificates by default:
    - d/control: Depend on ssl-cert.
    - d/dovecot-core.postinst: Relax grep for SSL_* a bit.
  + Add autopkgtest to debian/tests/*.
  + Add ufw integration:
    - d/dovecot-core.ufw.profile: new ufw profile.
    - d/rules: install profile in dovecot-core.
    - d/control: dovecot-core - suggest ufw.
  + d/{control,rules}: enable PIE hardening.
  + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
  + Add apport hook:
    - d/rules, d/source_dovecot.py
  + Add upstart job:
    - d/rules, d/dovecot-core.dovecot.upstart, d/control,
      d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
      d/dovecot-pop3d.{postinst, postrm, prerm}.
      d/mail-stack-deliver.postinst:
      Convert init script to upstart.
  + d/patches/fix-racey-restart.patch: Backported patch from current
    development release which ensures all child processes terminate prior
    to the main dovecot process.
  + debian/patches/CVE-2011-4318.patch: Dropped - applied upstream
  + d/control: Added Pre-Depends: dpkg (>= 1.15.6) to dovecot-dbg to support
    xz compression in Ubuntu.
  + d/control: Demote dovecot-common Recommends: to Suggests: to prevent
    install of extra packages on upgrade.
* d/patches/dovecot-drac.patch: Updated with version for dovecot >= 2.0.0.

Author: James Page
Revision Date: 2012-04-04 14:48:30 UTC

* New upstream release (LP: #970782).
* Merge from Debian testing, remaining changes:
* d/patches/dovecot-drac.patch: Updated with version for dovecot >= 2.0.0.

Author: Marc Deslauriers
Revision Date: 2011-11-29 11:00:23 UTC

* SECURITY UPDATE: Incorrect cert Common Name verification when proxying
  - debian/patches/CVE-2011-4318.patch: correctly validate Common Name
    when a hostname is specified in src/login-common/{login-proxy.c,
    ssl-proxy.*,ssl-proxy-openssl.c}.
  - CVE-2011-4318

Author: Marc Deslauriers
Revision Date: 2011-11-29 11:00:23 UTC

* SECURITY UPDATE: Incorrect cert Common Name verification when proxying
  - debian/patches/CVE-2011-4318.patch: correctly validate Common Name
    when a hostname is specified in src/login-common/{login-proxy.c,
    ssl-proxy.*,ssl-proxy-openssl.c}.
  - CVE-2011-4318

Author: James Page
Revision Date: 2011-10-14 13:16:53 UTC

* Fix postfix->dovecot SASL authentication with dovecot 2.x (LP: #874135):
  - d/01-mail-stack-delivery.conf: Include revised authentication
    configuration for dovecot 2.x.
  - d/01-mail-stack-delivery.auth: Dropped - no longer required.
  - d/rules: Updated to remove 01-mail-stack-delivery.auth.

Author: James Page
Revision Date: 2011-10-14 13:14:53 UTC

* Fix postfix->dovecot SASL authentication with dovecot 2.x (LP: #874135):
  - d/01-mail-stack-delivery.conf: Include revised authentication
    configuration for dovecot 2.x.
  - d/01-mail-stack-delivery.auth: Dropped - no longer required.
  - d/rules: Updated to remove 01-mail-stack-delivery.auth.

Author: Ben Howard
Revision Date: 2011-09-19 14:44:56 UTC

[ Ben Howard ]
* debian/dovecot-common.dovecot.upstart: changed start to runlevel [2345]
  (LP: #820685)

[ James Page ]
* Make mail-stack-delivery work with new version of dovecot (LP: #860336):
  - debian/control: Added dovecot-managesieved to mail-stack-delivery Depends.
  - debian/01-mail-stack-delivery.conf: Renamed mangesieve protocol -> sieve.
    Tidied up obsolete and changed configuration stanzas.
  - debian/mail-stack-delivery.postinst: drop -n flag from dovecot deliver
    command in postfix configuration.

Author: Ben Howard
Revision Date: 2011-09-19 20:46:34 UTC

debian/dovecot-common.dovecot.upstart: changed start to runlevel [2345]
(LP: #820685)

Author: Chuck Short
Revision Date: 2011-06-02 10:10:39 UTC

debian/dovecot-postfix.postinst: don't override user's postfix settings
on upgrade. (LP: #715056)

Author: Chuck Short
Revision Date: 2011-06-02 10:03:18 UTC

debian/mail-stack-delivery.postinst: don't override user's postfix
settings on upgrade. Thanks to Ante Karamatic. (LP: #715056)

Author: Steve Beattie
Revision Date: 2011-06-03 21:46:15 UTC

debian/dovecot-common.postinst: fix ssl cert typos that prevent
certs from being generated (LP: #792557)

Author: Chuck Short
Revision Date: 2011-06-02 10:03:18 UTC

debian/mail-stack-delivery.postinst: don't override user's postfix
settings on upgrade. Thanks to Ante Karamatic. (LP: #715056)

Author: Steve Beattie
Revision Date: 2011-06-01 11:36:21 UTC

* SECURITY UPDATE: fix memory corruption when header names included
  null bytes:
  - debian/patches/dovecot-CVE-2011-1929.patch: use binary copy rather
    than a string based copy.
  - CVE-2011-1929
* debian/control: removed linux-kernel-headers from Build-Conflicts to
  resolve building with sbuild.

Author: Steve Beattie
Revision Date: 2011-06-01 11:36:21 UTC

* SECURITY UPDATE: fix memory corruption when header names included
  null bytes:
  - debian/patches/dovecot-CVE-2011-1929.patch: use binary copy rather
    than a string based copy.
  - CVE-2011-1929
* debian/control: removed linux-kernel-headers from Build-Conflicts to
  resolve building with sbuild.

Author: Steve Beattie
Revision Date: 2011-05-31 14:46:26 UTC

* SECURITY UPDATE: fix memory corruption when header names included
  null bytes:
  - debian/patches/dovecot-CVE-2011-1929.patch: use binary copy rather
    than a string based copy.
  - CVE-2011-1929

Author: Ante Karamatić
Revision Date: 2011-02-21 19:08:15 UTC

* debian/mail-stack-delivery.postinst:
  - don't override user's postfix settings on upgrade

Author: Clint Byrum
Revision Date: 2010-10-06 07:06:59 UTC

debian/mail-stack-delivery.preinst: Fixing shell syntax and typo in
file rename code. (LP: #653362)

Author: Clint Byrum
Revision Date: 2010-10-06 00:00:48 UTC

debian/mail-stack-delivery.preinst: Fixing shell syntax and typo in
file rename code. (LP: #653362)

Author: Chuck Short
Revision Date: 2010-04-19 13:13:20 UTC

[Ante Karamatic]
* dovecot-example.conf, debian/dovecot-common.dirs, debian/01-dovecot-postfix.auth,
     debian/01-dovecot-postfix.conf, debian/control, debian/dovecot-postfix.dirs,
     debian/dovecot-postfix.postinst, debian/dovecot-postfix.postrm, debian/dovecot-postfix.preinst,
     debian/rules:
     * Fix dovecot -n not to report wrong configuration. (LP: #511295)

Author: Chuck Short
Revision Date: 2010-01-22 01:03:09 UTC

Fix FTBFS.

Author: Chuck Short
Revision Date: 2010-01-22 01:03:09 UTC

Fix FTBFS.

Author: Chuck Short
Revision Date: 2010-01-22 01:03:09 UTC

Fix FTBFS.

Author: Chuck Short
Revision Date: 2010-01-22 01:03:09 UTC

Fix FTBFS.

Author: Mathias Gug
Revision Date: 2008-11-05 15:30:16 UTC

debian/patches/fix-message-parser.dpatch: Parsing an invalid message
address like "From: (" caused an assert-crash. (LP: #290901).

Author: Marc Deslauriers
Revision Date: 2009-09-24 08:28:12 UTC

* SECURITY UPDATE: directory traversal vulnerability in the the
  ManageSieve implementation (LP: #307291)
  - debian/patches/security-CVE-2008-5301.dpatch: filter out slashes in
    script names in dovecot-managesieve/src/lib-sievestorage/
    {sieve-storage-save.c,sieve-storage-script.c}.
  - CVE-2008-5301
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
  the Sieve plugin
  - debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
    dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
    dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
    right length in dovecot-sieve/src/libsieve/script.c.
  - CVE-2009-2632
  - CVE-2009-3235

Author: Chuck Short
Revision Date: 2009-10-14 21:30:36 UTC

[Ante Karamatic]
* debian/dovecot-postfix.postinst:
  - reduce smtpd_tls_mandatory_ciphers to medium (LP: #365390)
* debian/dovecot-postfix.README.Debian:
  - introduction and features of dovecot-postfix
* debian/rules:
  - install debian changelog in dovecot-postfix

Author: Marc Deslauriers
Revision Date: 2009-09-24 08:19:22 UTC

* SECURITY UPDATE: arbitrary code execution via buffer overlows in
  the Sieve plugin
  - debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
    dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
    dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
    right length in dovecot-sieve/src/libsieve/script.c.
  - CVE-2009-2632
  - CVE-2009-3235
* Switch from byacc to bison to fix FTBFS with security patch

Author: Marc Deslauriers
Revision Date: 2009-09-24 08:19:22 UTC

* SECURITY UPDATE: arbitrary code execution via buffer overlows in
  the Sieve plugin
  - debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
    dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
    dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
    right length in dovecot-sieve/src/libsieve/script.c.
  - CVE-2009-2632
  - CVE-2009-3235
* Switch from byacc to bison to fix FTBFS with security patch

Author: Ante Karamatić
Revision Date: 2009-04-16 15:17:45 UTC

* debian/dovecot-postfix.postinst (LP: #360891):
  - restart dovecot after linking certificates
  - handle use case when postfix is unconfigured
    + check if /etc/postfix/main.cf exist before runing postconf

Author: Marc Deslauriers
Revision Date: 2009-09-24 08:28:12 UTC

* SECURITY UPDATE: directory traversal vulnerability in the the
  ManageSieve implementation (LP: #307291)
  - debian/patches/security-CVE-2008-5301.dpatch: filter out slashes in
    script names in dovecot-managesieve/src/lib-sievestorage/
    {sieve-storage-save.c,sieve-storage-script.c}.
  - CVE-2008-5301
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
  the Sieve plugin
  - debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
    dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
    dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
    right length in dovecot-sieve/src/libsieve/script.c.
  - CVE-2009-2632
  - CVE-2009-3235

Author: Mathias Gug
Revision Date: 2008-10-10 16:05:33 UTC

* New upstream release (LP: #281423):
  - Fix message parser.
  - Fix maildirlock utility.
  - Fix bzip2 support in zlib plugin.
  - mbox: Several bugfixes causing errors and crashes.
  - Many error handling fixes and log message improvements.
  - SORT: Fix assert-crashes.
* Update dovecot-managesieve patch for 1.1.4.
* debian/control:
  - Update Vcs-* headers.
* Merge from debian experimental, remaining changes:
  - Use Snakeoil SSL certificates by default.
    + debian/control: Depend on ssl-cert
    + debian/paptches/ssl-cert-snakeoil.dpatch: Change default SSL cert
      paths to snakeoil.
    + debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
  - Add autopkgtest in debian/tests/*.
  - Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP: #153161)
  - debian/dovecot-common.init: Check to see if there is an /etc/inetd.conf.
    (LP: #208411)
  - debian/patches/login-max-process-count-warning.dpatch: Tell the user
    that they have reached the maximum number of processes count.
    (LP: #189616)
  - Fast TearDown: Update lsb init header to not stop in level 6.
  - Add status action to the init script:
    + debian/control: Depend on lsb >= 3.2.12ubuntu3.
    + debian/dovecot-common-init: Add the 'status' action (LP: #247096).
  - debian/rules:
    - Copy config.{guess,sub} after running libtoolize.
    - Clean dovecot-managesieve directory.
  - debian/patches/fix-dovecot-sieve.dpatch: Fixes assertion error
    when a header string ends with a LF (LP: #264306)
  - Add ufw integration:
    - Created debian/dovecot-common.ufw.profile
    - debian/rules:
      + install profile
    - debian/control
      + Suggest ufw
  - debian/{control,rules}: enable PIE hardening
  - Updated dovecot.common.README.Debian with information on what has changed
    between 1.0 and 1.1.1. Fixes (LP: #257625)
  - dovecot-imapd, dovecot-pop3: Replaces dovecot-common (<< 1:1.1). LP: #254721.
* Dropped:
  - debian/dovecot-common.postinst: Remove stop script symlinks fom rc0
    and rc6 on upgrades. Need to be kept until next LTS release.
  - Fast TearDown:
    + debian/rules: Call dh_installinit in 'multiuser' mode.
    + debian/control: Depend on new sysv-rc for this.
  - Include dovecot-sieve-1.1.5: available in Debian.

Author: Marc Deslauriers
Revision Date: 2009-09-24 08:39:39 UTC

* SECURITY UPDATE: access restriction bypass from negative access rights
  being treated as positive access rights in the ACL plugin
  - debian/patches/security-CVE-2008-4577.dpatch: fix rights mask in
    src/plugins/acl/acl-cache.c.
  - CVE-2008-4577
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
  the Sieve plugin
  - debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
    dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
    dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
    right length in dovecot-sieve/src/libsieve/script.c.
  - CVE-2009-2632
  - CVE-2009-3235

Author: Chuck Short
Revision Date: 2008-05-14 10:24:49 UTC

[Mathias Gug]
debian/patches/login-max-processes-count-warming.dpatch:
o Add a warning when login_max_processes_count is reached.
o Add a note to dovecot-example.conf about login_max_processes_count
and ssl connections. (LP: #189616)

Author: Marc Deslauriers
Revision Date: 2009-09-24 08:39:39 UTC

* SECURITY UPDATE: access restriction bypass from negative access rights
  being treated as positive access rights in the ACL plugin
  - debian/patches/security-CVE-2008-4577.dpatch: fix rights mask in
    src/plugins/acl/acl-cache.c.
  - CVE-2008-4577
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
  the Sieve plugin
  - debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
    dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
    dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
    right length in dovecot-sieve/src/libsieve/script.c.
  - CVE-2009-2632
  - CVE-2009-3235

Author: Nicolas Valcarcel
Revision Date: 2008-03-31 12:22:34 UTC

Fixed error with multiple ssl certs on postinst limiting the grep result
to 1 cert. Thanks Matt LaPlante for the suggestions (LP: #182086)

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Mathias Gug
Revision Date: 2007-10-11 15:24:23 UTC

* Fix dovecot restart when removing -pop3d/-imapd packages (LP: #151650):
  - debian/dovecot-{pop3d,imapd}.postrm: start dovecot.
* Restart dovecot when -pop3d/-imapd package are installed:
  - debian/dovecot-{pop3d,imapd}.postinst: restart dovecot.

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Ian Jackson
Revision Date: 2007-02-22 20:11:51 UTC

[ Martin Pitt, edited lightly by Ian Jackson: ]
Add debian/tests/: autopkgtest control file plus our current package-tests
test suite for security QA.

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Scott James Remnant (Canonical)
Revision Date: 2006-09-18 16:53:37 UTC

* Remove stop script symlinks from rc0 and rc6.
* Remove dependency on linux-kernel-headers.

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Kees Cook
Revision Date: 2008-03-24 14:26:07 UTC

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

Author: Martin Pitt
Revision Date: 2006-05-17 13:41:35 UTC

* debian/dovecot-common.postinst:
  - Do not chmod/chown an already existing SSL certificate. This will leave
    permissions of the snakeoil SSL key intact. Closes: LP#45207

Author: Martin Pitt
Revision Date: 2006-06-02 10:45:15 UTC

* SECURITY UPDATE: SQL injection with certain client character encodings.
* src/lib/strescape.c, str_escape(): Escape ' as '', not as \'. In this
  version, this function is still only used for escaping database queries,
  so this does not break anything else.
* CVE-2006-2314

Author: Martin Pitt
Revision Date: 2005-06-06 13:02:30 UTC

* Transition to new PostgreSQL architecture.
* debian/control: Changed build dependency postgresql-dev to libpq-dev.
* configure.in, configure: Add correct directory to include direactory
  search list.

Author: Martin Pitt
Revision Date: 2006-06-02 11:03:31 UTC

* SECURITY UPDATE: SQL injection with certain client character encodings.
* src/lib/strescape.c, str_escape(): Escape ' as '', not as \'. In this
  version, this function is still only used for escaping database queries,
  so this does not break anything else.
* CVE-2006-2314

Author: Jaldhar
Revision Date: 2005-01-08 12:11:38 UTC

Oops -2 had to be urgency=high so -1 doesn't get into sarge.

Author: LaMont Jones
Revision Date: 2004-08-13 05:41:41 UTC

Fix build depends. (list libsasl2-dev first)