lp:ubuntu/hardy-updates/dovecot
- Get this branch:
- bzr branch lp:ubuntu/hardy-updates/dovecot
Branch merges
Branch information
Recent revisions
- 34. By Marc Deslauriers
-
* SECURITY UPDATE: access restriction bypass from negative access rights
being treated as positive access rights in the ACL plugin
- debian/patches/ security- CVE-2008- 4577.dpatch: fix rights mask in
src/plugins/ acl/acl- cache.c.
- CVE-2008-4577
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
the Sieve plugin
- debian/patches/ security- CVE-2009- 3235.dpatch: increase scount size in
dovecot-sieve/src/ libsieve/ bc_eval. c, use snprintf in
dovecot-sieve/src/ libsieve/ sieve.y, use snprintf and calculate the
right length in dovecot-sieve/src/ libsieve/ script. c.
- CVE-2009-2632
- CVE-2009-3235 - 33. By Nicolas Valcarcel
-
Fixed error with multiple ssl certs on postinst limiting the grep result
to 1 cert. Thanks Matt LaPlante for the suggestions (LP: #182086) - 32. By Chuck Short
-
* debian/
dovecot- common. init
- Check to see if there is an /etc/inetd.conf. (LP: #208411) - 31. By Kees Cook
-
* SECURITY UPDATE: mailboxes of other users could be read via symlinks.
* Add upstream-mail-group- fixes.dpatch: upstream fixes (CVE-2008-1199).
* Add upstream-invalid- password- fixes.dpatch: proactive upstream fixes
to avoid future issues in underlying passdb (CVE-2008-1218).
* References
http://dovecot. org/list/ dovecot- news/2008- March/000060. html
http://dovecot. org/list/ dovecot- news/2008- March/000064. html - 29. By Soren Hansen
-
* Merge from debian unstable, remaining changes:
- DebianMaintainerField.
- Use Snakeoil SSL certificate by default.
+ debian/control: Depend on ssl-cert
+ debian/patches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on newer sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks from rc0
and rc6 on upgrades. Needs to be kept until next LTS release.
- Add autopkgtest in debian/tests/.
- Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP #153161) - 28. By Soren Hansen
-
* Merge from debian unstable, remaining changes:
- DebianMaintainerField.
- Use Snakeoil SSL certificate by default.
+ debian/control: Depend on ssl-cert
+ debian/patches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on newer sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks from rc0
and rc6 on upgrades. Needs to be kept until next LTS release.
- Add autopkgtest in debian/tests/.
- Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP #153161) - 27. By Soren Hansen
-
Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP: #153161)
Thanks to Adam Sommer for the initial patch! - 26. By Mathias Gug
-
* Fix dovecot restart when removing -pop3d/-imapd packages (LP: #151650):
- debian/dovecot- {pop3d, imapd}. postrm: start dovecot.
* Restart dovecot when -pop3d/-imapd package are installed:
- debian/dovecot- {pop3d, imapd}. postinst: restart dovecot. - 25. By Soren Hansen
-
[Mathias Gug]
* Merge with Debian (LP: #149049); remaining changes:
- Use Snakeoil SSL certificate by default.
+ debian/control: Depend on ssl-cert
+ debian/patches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on newer sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks from rc0
and rc6 on upgrades. Needs to be kept until next LTS release.
- Add autopkgtest in debian/tests/.[Soren Hansen]
* Based on work by Mathias Gug: Enable imap/pop3 protocols when installing
dovecot-imap/dovecot- pop3 package (LP: #146648):
- debian/dovecot- pop3d.postinst, debian/ dovecot- imapd.postinst: add
imap,imaps/pop3, pop3s to protocols line in dovecot.conf (removing "none"
if it's there).
- debian/dovecot- pop3d.postrm, debian/ dovecot- imapd.postrm: remove
imap,imaps/pop3, pop3s from protocols line in dovecot.conf (putting
"none" if last protocol is removed).
* debian/patches/ exec_check_ for_none. dpatch:
- Disable access(..., X_OK) check for protocols that are not going to be
started anyway.
* debian/patches/ protocols_ none_by_ default. dpatch:
- Set "protocols = none" by default.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/dovecot