Ubuntu
dovecot package

lp:ubuntu/gutsy-security/dovecot

  1. Gutsy (7.10)
  2. gutsy-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-security/dovecot
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

28. By Kees Cook

* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group-fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid-password-fixes.dpatch: proactive upstream fixes
  to avoid future issues in underlying passdb (CVE-2008-1218).
* References
  http://dovecot.org/list/dovecot-news/2008-March/000060.html
  http://dovecot.org/list/dovecot-news/2008-March/000064.html

27. By Kees Cook

* SECURITY UPDATE: LDAP-authenticated users may accidentally shared
  cached login when they have the same password.
* Add ldap_auth_cache.dpatch: upstream fixes, thanks to Fabio Tranchitella.
* References
  http://dovecot.org/list/dovecot-news/2007-December/000057.html
  CVE-2007-6598

26. By Mathias Gug

* Fix dovecot restart when removing -pop3d/-imapd packages (LP: #151650):
  - debian/dovecot-{pop3d,imapd}.postrm: start dovecot.
* Restart dovecot when -pop3d/-imapd package are installed:
  - debian/dovecot-{pop3d,imapd}.postinst: restart dovecot.

25. By Soren Hansen

[Mathias Gug]
* Merge with Debian (LP: #149049); remaining changes:
  - Use Snakeoil SSL certificate by default.
    + debian/control: Depend on ssl-cert
    + debian/patches/ssl-cert-snakeoil.dpatch: Change default SSL cert paths
      to snakeoil.
    + debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
  - Fast TearDown:
    + debian/rules: Call dh_installinit in 'multiuser' mode.
    + debian/control: Depend on newer sysv-rc for this.
    + debian/dovecot-common.postinst: Remove stop script symlinks from rc0
      and rc6 on upgrades. Needs to be kept until next LTS release.
  - Add autopkgtest in debian/tests/.

[Soren Hansen]
* Based on work by Mathias Gug: Enable imap/pop3 protocols when installing
  dovecot-imap/dovecot-pop3 package (LP: #146648):
  - debian/dovecot-pop3d.postinst, debian/dovecot-imapd.postinst: add
    imap,imaps/pop3,pop3s to protocols line in dovecot.conf (removing "none"
    if it's there).
  - debian/dovecot-pop3d.postrm, debian/dovecot-imapd.postrm: remove
    imap,imaps/pop3,pop3s from protocols line in dovecot.conf (putting
    "none" if last protocol is removed).
* debian/patches/exec_check_for_none.dpatch:
  - Disable access(..., X_OK) check for protocols that are not going to be
    started anyway.
* debian/patches/protocols_none_by_default.dpatch:
  - Set "protocols = none" by default.

24. By Soren Hansen

* Merge with Debian (LP: #136323); remaining changes:
  - Use Snakeoil SSL certificate by default.
    + debian/control: Depend on ssl-cert
    + debian/patches/ssl-cert-snakeoil.dpatch: Change default SSL cert paths
      to snakeoil.
    + debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
  - Fast TearDown:
    + debian/rules: Call dh_installinit in 'multiuser' mode.
    + debian/control: Depend on newer sysv-rc for this.
    + debian/dovecot-common.postinst: Remove stop script symlinks from rc0
      and rc6 on upgrades. Needs to be kept until next LTS release.
  - Add autopkgtest in debian/tests/.

23. By Matthias Klose

* Merge with Debian; remaining changes:
  - Use Snakeoil SSL certificate by default.
    + debian/control: Depend on ssl-cert
    + debian/patches/ssl-cert-snakeoil.dpatch: Change default SSL cert paths
      to snakeoil.
    + debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
  - Fast TearDown:
    + debian/rules: Call dh_installinit in 'multiuser' mode.
    + debian/control: Depend on newer sysv-rc for this.
    + debian/dovecot-common.postinst: Remove stop script symlinks from rc0
      and rc6 on upgrades. Needs to be kept until next LTS release.
  - Add autopkgtest in debian/tests/.

22. By Matthias Klose

New upstream version.

21. By Martin Pitt

* Merged with Debian unstable; remaining Ubuntu changes:
  - Use Snakeoil SSL certificate by default.
    + debian/control: Depend on ssl-cert
    + debian/patches/ssl-cert-snakeoil.dpatch: Change default SSL cert paths
      to snakeoil.
    + debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
  - Fast TearDown:
    + debian/rules: Call dh_installinit in 'multiuser' mode.
    + debian/control: Depend on newer sysv-rc for this.
    + debian/dovecot-common.postinst: Remove stop script symlinks from rc0
      and rc6 on upgrades. Needs to be kept until next LTS release.
  - Add autopkgtest in debian/tests/.
* debian/control: Set Ubuntu maintainer.

20. By Ian Jackson

[ Martin Pitt, edited lightly by Ian Jackson: ]
Add debian/tests/: autopkgtest control file plus our current package-tests
test suite for security QA.

19. By Matthias Klose

* Merge from debian unstable, remaining changes:
  - snakeoil ssl
  - Remove stop script symlinks from rc0 and rc6

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/dovecot
This branch contains Public information 
Everyone can see this information.

Subscribers