Ubuntu
dovecot package

lp:ubuntu/intrepid-updates/dovecot

  1. Intrepid (8.10)
  2. intrepid-updates
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-updates/dovecot
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

48. By Marc Deslauriers

* SECURITY UPDATE: directory traversal vulnerability in the the
  ManageSieve implementation (LP: #307291)
  - debian/patches/security-CVE-2008-5301.dpatch: filter out slashes in
    script names in dovecot-managesieve/src/lib-sievestorage/
    {sieve-storage-save.c,sieve-storage-script.c}.
  - CVE-2008-5301
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
  the Sieve plugin
  - debian/patches/security-CVE-2009-3235.dpatch: increase scount size in
    dovecot-sieve/src/libsieve/bc_eval.c, use snprintf in
    dovecot-sieve/src/libsieve/sieve.y, use snprintf and calculate the
    right length in dovecot-sieve/src/libsieve/script.c.
  - CVE-2009-2632
  - CVE-2009-3235

47. By Mathias Gug

* SECURITY UPDATE: denial of service via malformed headers.
  - debian/patches/fix-message-parser.dpatch: Parsing an invalid message
    address like "From: (" caused an assert-crash. (LP: #290901).
  - CVE-2008-4907

46. By Mathias Gug

* New upstream release (LP: #281423):
  - Fix message parser.
  - Fix maildirlock utility.
  - Fix bzip2 support in zlib plugin.
  - mbox: Several bugfixes causing errors and crashes.
  - Many error handling fixes and log message improvements.
  - SORT: Fix assert-crashes.
* Update dovecot-managesieve patch for 1.1.4.
* debian/control:
  - Update Vcs-* headers.
* Merge from debian experimental, remaining changes:
  - Use Snakeoil SSL certificates by default.
    + debian/control: Depend on ssl-cert
    + debian/paptches/ssl-cert-snakeoil.dpatch: Change default SSL cert
      paths to snakeoil.
    + debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
  - Add autopkgtest in debian/tests/*.
  - Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP: #153161)
  - debian/dovecot-common.init: Check to see if there is an /etc/inetd.conf.
    (LP: #208411)
  - debian/patches/login-max-process-count-warning.dpatch: Tell the user
    that they have reached the maximum number of processes count.
    (LP: #189616)
  - Fast TearDown: Update lsb init header to not stop in level 6.
  - Add status action to the init script:
    + debian/control: Depend on lsb >= 3.2.12ubuntu3.
    + debian/dovecot-common-init: Add the 'status' action (LP: #247096).
  - debian/rules:
    - Copy config.{guess,sub} after running libtoolize.
    - Clean dovecot-managesieve directory.
  - debian/patches/fix-dovecot-sieve.dpatch: Fixes assertion error
    when a header string ends with a LF (LP: #264306)
  - Add ufw integration:
    - Created debian/dovecot-common.ufw.profile
    - debian/rules:
      + install profile
    - debian/control
      + Suggest ufw
  - debian/{control,rules}: enable PIE hardening
  - Updated dovecot.common.README.Debian with information on what has changed
    between 1.0 and 1.1.1. Fixes (LP: #257625)
  - dovecot-imapd, dovecot-pop3: Replaces dovecot-common (<< 1:1.1). LP: #254721.
* Dropped:
  - debian/dovecot-common.postinst: Remove stop script symlinks fom rc0
    and rc6 on upgrades. Need to be kept until next LTS release.
  - Fast TearDown:
    + debian/rules: Call dh_installinit in 'multiuser' mode.
    + debian/control: Depend on new sysv-rc for this.
  - Include dovecot-sieve-1.1.5: available in Debian.

45. By Chuck Short

debian/patches/fix-dovecot-sieve.dpatch: Fixes assertion error
when a header string ends with a LF (LP: #264306)

44. By Nicolas Valcarcel

* Add ufw integration:
  - Created debian/dovecot-common.ufw.profile
  - debian/rules:
    + install profile
  - debian/control
    + Suggest ufw

43. By Kees Cook

debian/{control,rules}: enable PIE hardening

42. By Chuck Short

Updated dovecot.common.README.Debian with information on what has changed
between 1.0 and 1.1.1. Fixes (LP: #257625)

41. By Nicolas Valcarcel

Removed update-rc.d "multiuser" option and updated init info (LP: #255367)
http://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-June/000430.html

40. By Matthias Klose

dovecot-imapd, dovecot-pop3: Replaces dovecot-common (<< 1:1.1). LP: #254721.

39. By Matthias Klose

* Merge from debian experimental, remaining changes:
  - Use Snakeoil SSL certificates by default.
    + debian/control: Depend on ssl-cert
    + debian/paptches/ssl-cert-snakeoil.dpatch: Change default SSL cert paths
      to snakeoil.
    + debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
  - Fast TearDown:
    + debian/rules: Call dh_installinit in 'multiuser' mode.
    + debian/control: Depend on new sysv-rc for this.
    + debian/dovecot-common.postinst: Remove stop script symlinks fom rc0
      and rc6 on upgrades. Need to be kept until next LTS release.
  - Add autopkgtest in debian/tests/*.
  - Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP: #153161)
  - debian/dovecot-common.init: Check to see if there is an /etc/inetd.conf.
    (LP: #208411)
  - debian/patches/login-max-process-count-warning.dpatch: Tell the user that they
    have reached the maximum number of processes count. (LP: #189616)
  - debian/control: Depend on lsb >= 3.2.12ubuntu3.
  - debian/dovecot-common-init: Add the 'status' action (LP: #247096)
  - Include dovecot-sieve-1.1.5.
* debian/rules:
  - Copy config.{guess,sub} after running libtoolize.
  - Clean dovecot-managesieve directory.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/dovecot
This branch contains Public information 
Everyone can see this information.

Subscribers