lp:ubuntu/intrepid-updates/dovecot
- Get this branch:
- bzr branch lp:ubuntu/intrepid-updates/dovecot
Branch merges
Branch information
Recent revisions
- 48. By Marc Deslauriers
-
* SECURITY UPDATE: directory traversal vulnerability in the the
ManageSieve implementation (LP: #307291)
- debian/patches/ security- CVE-2008- 5301.dpatch: filter out slashes in
script names in dovecot-managesieve/ src/lib- sievestorage/
{sieve-storage- save.c, sieve-storage- script. c}.
- CVE-2008-5301
* SECURITY UPDATE: arbitrary code execution via buffer overlows in
the Sieve plugin
- debian/patches/ security- CVE-2009- 3235.dpatch: increase scount size in
dovecot-sieve/src/ libsieve/ bc_eval. c, use snprintf in
dovecot-sieve/src/ libsieve/ sieve.y, use snprintf and calculate the
right length in dovecot-sieve/src/ libsieve/ script. c.
- CVE-2009-2632
- CVE-2009-3235 - 47. By Mathias Gug
-
* SECURITY UPDATE: denial of service via malformed headers.
- debian/patches/ fix-message- parser. dpatch: Parsing an invalid message
address like "From: (" caused an assert-crash. (LP: #290901).
- CVE-2008-4907 - 46. By Mathias Gug
-
* New upstream release (LP: #281423):
- Fix message parser.
- Fix maildirlock utility.
- Fix bzip2 support in zlib plugin.
- mbox: Several bugfixes causing errors and crashes.
- Many error handling fixes and log message improvements.
- SORT: Fix assert-crashes.
* Update dovecot-managesieve patch for 1.1.4.
* debian/control:
- Update Vcs-* headers.
* Merge from debian experimental, remaining changes:
- Use Snakeoil SSL certificates by default.
+ debian/control: Depend on ssl-cert
+ debian/paptches/ ssl-cert- snakeoil. dpatch: Change default SSL cert
paths to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Add autopkgtest in debian/tests/*.
- Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP: #153161)
- debian/dovecot- common. init: Check to see if there is an /etc/inetd.conf.
(LP: #208411)
- debian/patches/ login-max- process- count-warning. dpatch: Tell the user
that they have reached the maximum number of processes count.
(LP: #189616)
- Fast TearDown: Update lsb init header to not stop in level 6.
- Add status action to the init script:
+ debian/control: Depend on lsb >= 3.2.12ubuntu3.
+ debian/dovecot- common- init: Add the 'status' action (LP: #247096).
- debian/rules:
- Copy config.{guess,sub} after running libtoolize.
- Clean dovecot-managesieve directory.
- debian/patches/ fix-dovecot- sieve.dpatch: Fixes assertion error
when a header string ends with a LF (LP: #264306)
- Add ufw integration:
- Created debian/dovecot- common. ufw.profile
- debian/rules:
+ install profile
- debian/control
+ Suggest ufw
- debian/{control, rules}: enable PIE hardening
- Updated dovecot.common. README. Debian with information on what has changed
between 1.0 and 1.1.1. Fixes (LP: #257625)
- dovecot-imapd, dovecot-pop3: Replaces dovecot-common (<< 1:1.1). LP: #254721.
* Dropped:
- debian/dovecot- common. postinst: Remove stop script symlinks fom rc0
and rc6 on upgrades. Need to be kept until next LTS release.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on new sysv-rc for this.
- Include dovecot-sieve-1. 1.5: available in Debian. - 45. By Chuck Short
-
debian/
patches/ fix-dovecot- sieve.dpatch: Fixes assertion error
when a header string ends with a LF (LP: #264306) - 44. By Nicolas Valcarcel
-
* Add ufw integration:
- Created debian/dovecot- common. ufw.profile
- debian/rules:
+ install profile
- debian/control
+ Suggest ufw - 42. By Chuck Short
-
Updated dovecot.
common. README. Debian with information on what has changed
between 1.0 and 1.1.1. Fixes (LP: #257625) - 41. By Nicolas Valcarcel
-
Removed update-rc.d "multiuser" option and updated init info (LP: #255367)
http://lists.ubuntu. com/archives/ ubuntu- devel-announce/ 2008-June/ 000430. html - 39. By Matthias Klose
-
* Merge from debian experimental, remaining changes:
- Use Snakeoil SSL certificates by default.
+ debian/control: Depend on ssl-cert
+ debian/paptches/ ssl-cert- snakeoil. dpatch: Change default SSL cert paths
to snakeoil.
+ debian/dovecot- common. postinst: Relax grep for SSL_* a bit.
- Fast TearDown:
+ debian/rules: Call dh_installinit in 'multiuser' mode.
+ debian/control: Depend on new sysv-rc for this.
+ debian/dovecot- common. postinst: Remove stop script symlinks fom rc0
and rc6 on upgrades. Need to be kept until next LTS release.
- Add autopkgtest in debian/tests/*.
- Don't fail in postinst if dovecot-{sql,ldap} is missing. (LP: #153161)
- debian/dovecot- common. init: Check to see if there is an /etc/inetd.conf.
(LP: #208411)
- debian/patches/ login-max- process- count-warning. dpatch: Tell the user that they
have reached the maximum number of processes count. (LP: #189616)
- debian/control: Depend on lsb >= 3.2.12ubuntu3.
- debian/dovecot- common- init: Add the 'status' action (LP: #247096)
- Include dovecot-sieve-1. 1.5.
* debian/rules:
- Copy config.{guess,sub} after running libtoolize.
- Clean dovecot-managesieve directory.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/dovecot