lp:ubuntu/lucid-updates/dovecot

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

69. By Marc Deslauriers on 2014-05-14

* SECURITY UPDATE: denial of service via SSL connection exhaustion
  - debian/patches/CVE-2014-3430.patch: properly close connections in
    src/imap-login/client.c, src/login-common/ssl-proxy-openssl.c,
    src/login-common/ssl-proxy.*, src/pop3-login/client.c.
  - CVE-2014-3430

68. By Steve Beattie on 2011-05-31

* SECURITY UPDATE: fix memory corruption when header names included
  null bytes:
  - debian/patches/dovecot-CVE-2011-1929.patch: use binary copy rather
    than a string based copy.
  - CVE-2011-1929

67. By Marc Deslauriers on 2011-01-31

* SECURITY UPDATE: information disclosure via newly created mailboxes
  with incorrect ACLs
  - debian/patches/CVE-2010-3304.patch: verify the directory isn't the
    same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c.
  - CVE-2010-3304
* SECURITY UPDATE: ACL bypass via incorrect ACL merging
  - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple
    ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c,
    acl-cache.c}.
  - CVE-2010-3706
  - CVE-2010-3707
* SECURITY UPDATE: restriction bypass via mailbox ACL changing
  - debian/patches/CVE-2010-3779.patch: don't give admin rights to all
    owner mailboxes in src/plugins/acl/acl-backend-vfile.c.
  - CVE-2010-3779
* SECURITY UPDATE: denial of service via many simultaneous disconnects.
  - debian/patches/CVE-2010-3780.patch: don't die after three failed
    writes to log in src/lib/failures.c.
  - CVE-2010-3780
* debian/control: removed linux-kernel-headers from Build-Conflicts to
  resolve building with sbuild.
* This update does not contain the changes from 1:1.2.9-1ubuntu6.2 that
  was in -proposed.

66. By Chuck Short on 2010-04-19

[Ante Karamatic]
* dovecot-example.conf, debian/dovecot-common.dirs, debian/01-dovecot-postfix.auth,
     debian/01-dovecot-postfix.conf, debian/control, debian/dovecot-postfix.dirs,
     debian/dovecot-postfix.postinst, debian/dovecot-postfix.postrm, debian/dovecot-postfix.preinst,
     debian/rules:
     * Fix dovecot -n not to report wrong configuration. (LP: #511295)

65. By Chuck Short on 2010-03-10

debian/patches/fix-dovecot-dos.dpatch: Fix possible DoS with dovecot. (LP: #536695)

64. By Chuck Short on 2010-03-09

debian/contorl: Recommend ntpdate. (LP: #347881)

63. By Chuck Short on 2010-02-19

debian/patches/fix-mbox-autodetection.patch: Allow mailbox creation when autodetecting.
(LP: #512975)

62. By Chuck Short on 2010-01-21

Fix FTBFS.

61. By Chuck Short on 2010-01-21

* Merge from debian testing, remaining changes:
  + Add new binary pkg dovecot-postfix that integrates postfix and dovecot
    automatically: (LP: #164837)
  + debian/control:
    - add new binary with short description
    - set Architecture all for dovecot-postfix (LP: #329878)
  + debian/dovecot-postfix.postinst:
    - create initial certificate symlinks to snakeoil.
    - set up postfix with postconf to:
      - use Maildir/ as the default mailbox.
      - use dovecot as the sasl authentication server.
      - use dovecot LDA (deliver).
      - use tls for smtp{d} services.
    - fix certificates paths in postfix' main.cf
    - add reject_unauth_destination to postfix' recipient restrictions
    - add reject_unknown_sender_domain to postfix' sender restriction
    - rename configuration name on remove, delete on purge
    - restart dovecot after linking certificates
    - handle use case when postfix is unconfigurated
  + debian/dovecot-postfix.dirs: create backup directory for postfix's config
    configuration
  + restart postfix and dovecot.
  + debian/dovecot-postfix.postrm:
    - remove all dovecot related configuration from postfix.
    - restart postfix and dovecot.
  + debian/dovecot-common.init:
    - check if /etc/dovecot/dovecot-postfix.conf exists and use it
      as the configuration file if so.
  + debian/patches/warning-ubuntu-postfix.dpatch
    - add warning about dovecot-postfix.conf in dovecot default
      configuration file
  + debian/patches/dovecot-postfix.conf.diff:
    - Ubuntu server custom changes to the default dovecot configuration for
      better interfation with postfix.
    - enable sieve plugin.
    - Ubuntu server custom changes to the default dovecot configuration for
      better integration with postfix:
      - enable imap, pop3, imaps, pop3s and managesieve by default.
      - enable dovecot LDA (deliver).
      - enable SASL auth socket in postfix private directory
   + debian/rules:
     - copy, patch and install dovecot-postfix.conf in /etc/dovecot/.
     - build architecure independent packages too
   + Use Snakeoil SSL certificates by default.
     - debian/control: Depend on ssl-cert.
     - debian/patches/ssl-cert-snakeoil.dpatch: Change default SSL cert
       paths to snakeoil.
     - debian/dovecot-common.postinst: Relax grep for SSL_* a bit.
   + Add autopkgtest to debian/tests/*.
   + Fast TearDown: Update the lsb init header to not stop in level 6.
   + Add ufw integration:
     - Created debian/dovecot-common.ufw.profile.
     - debian/rules: install profile.
     - debian/control: suggest ufw.
   + debian/{control,rules}: enable PIE hardening.
   + dovecot-imapd, dovecot-pop3: Replaces dovecot-common (<< 1:1.1). (LP: #254721)
   + debian/control: Update Vcs-* headers.
   + Add SMTP-AUTH support for Outlook (login auth mechanism)

60. By Chuck Short on 2009-12-18

Update VCS-Bzr location.