lp:ubuntu/gutsy-security/dovecot
- Get this branch:
- bzr branch lp:ubuntu/gutsy-security/dovecot
Branch merges
Branch information
Recent revisions
- 28. By Kees Cook
-
* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group- fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid- password- fixes.dpatch: proactive upstream fixes
to avoid future issues in underlying passdb (CVE-2008-1218).
* References
http://dovecot. org/list/ dovecot- news/2008- March/000060. html
http://dovecot. org/list/ dovecot- news/2008- March/000064. html - 27. By Kees Cook
-
* SECURITY UPDATE: LDAP-authenticated users may accidentally shared
cached login when they have the same password.
* Add ldap_auth_cache.dpatch: upstream fixes, thanks to Fabio Tranchitella.
* References
http://dovecot. org/list/ dovecot- news/2007- December/ 000057. html
CVE-2007-6598 - 26. By Mathias Gug
-
* Fix dovecot restart when removing -pop3d/-imapd packages (LP: #151650):
- debian/dovecot- {pop3d, imapd}. postrm: start dovecot.
* Restart dovecot when -pop3d/-imapd package are installed:
- debian/dovecot- {pop3d, imapd}. postinst: restart dovecot. - 25. By Soren Hansen
-
[Mathias Gug]
* Merge with Debian (LP: #149049); remaining changes:
- Use Snakeoil SSL certificate by default.
+ debian/control: Depend on ssl-cert
+ debian/patches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on newer sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks from rc0
and rc6 on upgrades. Needs to be kept until next LTS release.
- Add autopkgtest in debian/tests/.[Soren Hansen]
* Based on work by Mathias Gug: Enable imap/pop3 protocols when installing
dovecot-imap/dovecot- pop3 package (LP: #146648):
- debian/dovecot- pop3d.postinst, debian/ dovecot- imapd.postinst: add
imap,imaps/pop3, pop3s to protocols line in dovecot.conf (removing "none"
if it's there).
- debian/dovecot- pop3d.postrm, debian/ dovecot- imapd.postrm: remove
imap,imaps/pop3, pop3s from protocols line in dovecot.conf (putting
"none" if last protocol is removed).
* debian/patches/ exec_check_ for_none. dpatch:
- Disable access(..., X_OK) check for protocols that are not going to be
started anyway.
* debian/patches/ protocols_ none_by_ default. dpatch:
- Set "protocols = none" by default. - 24. By Soren Hansen
-
* Merge with Debian (LP: #136323); remaining changes:
- Use Snakeoil SSL certificate by default.
+ debian/control: Depend on ssl-cert
+ debian/patches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on newer sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks from rc0
and rc6 on upgrades. Needs to be kept until next LTS release.
- Add autopkgtest in debian/tests/. - 23. By Matthias Klose
-
* Merge with Debian; remaining changes:
- Use Snakeoil SSL certificate by default.
+ debian/control: Depend on ssl-cert
+ debian/patches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on newer sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks from rc0
and rc6 on upgrades. Needs to be kept until next LTS release.
- Add autopkgtest in debian/tests/. - 21. By Martin Pitt
-
* Merged with Debian unstable; remaining Ubuntu changes:
- Use Snakeoil SSL certificate by default.
+ debian/control: Depend on ssl-cert
+ debian/patches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on newer sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks from rc0
and rc6 on upgrades. Needs to be kept until next LTS release.
- Add autopkgtest in debian/tests/.
* debian/control: Set Ubuntu maintainer. - 20. By Ian Jackson
-
[ Martin Pitt, edited lightly by Ian Jackson: ]
Add debian/tests/: autopkgtest control file plus our current package-tests
test suite for security QA. - 19. By Matthias Klose
-
* Merge from debian unstable, remaining changes:
- snakeoil ssl
- Remove stop script symlinks from rc0 and rc6
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/dovecot