Change log for uw-imap package in Debian
| 1 → 19 of 19 results | First • Previous • Next • Last |
| Published in experimental-release |
uw-imap (8:2007f~dfsg-7.1~exp2) experimental; urgency=medium * Update debian/control.in.in, not just debian/control.in. -- Steve Langasek <email address hidden> Sat, 24 Feb 2024 10:23:12 +0000
| Superseded in experimental-release |
uw-imap (8:2007f~dfsg-7.1~exp1) experimental; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. -- Steve Langasek <email address hidden> Mon, 05 Feb 2024 20:18:10 +0000
uw-imap (8:2007f~dfsg-7) unstable; urgency=low
* 2014_openssl1.1.1_sni.patch (new, from Ubuntu): Use SNI when building
with OpenSSL 1.1.1 / TLSv1.3 support, since some servers (e.g.,
imap.gmail.com, imap.mail.att.net) require SNI on TLSv1.3 to pass
certificate verification (Closes: #916041). Thanks to Ed Spiridonov
and David Zuelke.
* 1005_poll.patch: Use poll(2) instead of select(2) for SSL connections
as well (Closes: #770022).
* 1001_shlibs.patch, 2012_krb5_multidev.patch, debian/rules: Make cross
compilation work by not hard-coding the compiler and by letting
dh_auto_build set the variables correctly (Closes: #876074). Thanks to
Helmut Grohne.
* 1002_fix_ftbfs.patch: Correct the order of arguments to syslog(),
which has been wrong all these years, and rename to more descriptive
1002_flock_fix_syslog_args.patch.
* Bump Standards-Version to 4.4.0. (Not renaming libc-client2007e-dev
now, but if the soname should need to change sometime in the future.)
-- Magnus Holmgren <email address hidden> Mon, 26 Aug 2019 22:52:52 +0200
Available diffs
uw-imap (8:2007f~dfsg-6) unstable; urgency=medium
* [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
mailboxes through running imapd over rsh, and therefore ssh (Closes:
#914632). Code using the library can enable it with tcp_parameters()
after making sure that the IMAP server name is sanitized.
* Change Priority: extra of -dev package to optional.
* Move git repository to salsa.debian.org.
-- Magnus Holmgren <email address hidden> Wed, 27 Feb 2019 00:08:08 +0100
Available diffs
uw-imap (8:2007f~dfsg-5) unstable; urgency=low
* 1006_openssl1.1_autoverify.patch (new): Use new features for
validating certificates when building with OpenSSL 1.1 (Closes:
#828589). Thanks to Sebastian Andrzej Siewior and Kurt Roeckx for
help.
* Switch to Debhelper compat level 9.
* Bump Standards-Version to 3.9.8.
* Update Build-Depends with cdbs.
-- Magnus Holmgren <email address hidden> Wed, 23 Nov 2016 22:25:10 +0100
Available diffs
uw-imap (8:2007f~dfsg-4) unstable; urgency=medium
* 2012_krb5_multidev.patch: Fix typo mixing up --cflags and --libs
causing libc-client not to be linked to the kerberos libraries
(Closes: #766526).
* Tell d-shlibmove to substitute krb5-multidev for libkrb5-dev.
-- Magnus Holmgren <email address hidden> Fri, 24 Oct 2014 22:40:53 +0200
Available diffs
| Superseded in sid-release |
uw-imap (8:2007f~dfsg-3) unstable; urgency=low
* 2012_krb5_multidev.patch (new): Depend on krb5-multidev rather than
libkrb5-dev (Closes: #745333). Thanks to Jelmer Vernooij.
* 1005_poll.patch (new): Use poll(2) instead of select(2) to support
more than 1024 file descriptors (Closes: #478193). Thanks to Ben
Smithurst.
* Bump Standards-Version to 3.9.6.
-- Magnus Holmgren <email address hidden> Sun, 19 Oct 2014 23:01:35 +0200
uw-imap (8:2007f~dfsg-2) unstable; urgency=medium * New maintainer (Closes: #686448). * Disable unnecessarily strict version check (Closes: #682256). -- Magnus Holmgren <email address hidden> Thu, 25 Oct 2012 23:00:39 +0200
Available diffs
uw-imap (8:2007f~dfsg-1) unstable; urgency=low
* New upstream release.
Closes: bug#656074. Thanks to Ivan Shmakov.
* Stop shipping uw-imapd or ipopd daemons: Code is in bad shape and
better alternatives exist.
* Lower Priority of libc-client-*-dev to extra: Depends on similarly
prioritized comerr-dev and libkrb5-dev.
* Drop locally included CDBS snippets: Adopted upstream.
* Use dpkg source format 3.0 (quilt).
Stop including patchsys-quilt.mk and update README.source to not
mention quilt.
Git-ignore quilt .pc subidr.
* Update rules file licensing header:
+ Extend years, and list them explicitly.
+ Refer to FSF web URL (not postal address).
* Bump debhelper compat level to 7.
* Unfuzz patches and refresh using quilt shortening options -pab
--no-timestamps --no-index.
* Fix use target build-arch (not build).
Closes: bug#666288. Thanks to Lucas Nussbaum.
* Add patch 1003 to properly zero out len when mail_fetch_body()
returns an empty string.
Closes: bug#635839. Thanks to Vladimir Kolesnikov and Daniel T Chen.
* Add patch 1004 to implement support for IMAP extension METADATA
(rfc5464).
Closes: bug#456591. Thanks to Mathieu Parent and Kolab project.
* Explicitly pass LDFLAGS to build, to hopefully include eventual
hardening flags.
* Extend patch 1001 to explicitly link against all used Kerberos libs.
Closes: bug#558968. Thanks to Peter Fritzsche and Matthias Klose.
* Use anonscm.debian.org for Vcs-Browser field.
* Update package relations:
+ Sort and newline-delimit package relations.
+ Stop build-depending on quilt or patchutils: unneeded with source
version 3.0 (quilt).
+ Relax to build-depend unversioned on debhelper and devscripts:
Required versions satisfied even in oldstable.
+ Tighten build-dependency on cdbs.
+ Stop build-depending on perl: Was used in a CDBS snippet which is
now dropped.
+ Stop build-depending on po-debconf: Was used for debconf of daemon
packages which are now dropped.
* Rewrite copyright file using format 1.0.
* Fix version in NEWS entry, to silence lintian (sadly it is 6 years
too late to be of real benefit).
* Drop stray substvars file from source packaging. Thanks to lintian.
* Hardcode CDBS-resolved build flags, and stuff CPPFLAGS into CFLAGS,
to enable hardening.
-- Jonas Smedegaard <email address hidden> Fri, 29 Jun 2012 13:07:15 +0200
uw-imap (8:2007e~dfsg-3.3) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Dutch; (Jeroen Schot). Closes: #625525
- Polish (Michał Kułach). Closes: #657764
- Indonesian (Mahyuddin Susanto). Closes: #657821
-- Christian Perrier <email address hidden> Mon, 06 Feb 2012 07:31:02 +0100
Available diffs
uw-imap (8:2007e~dfsg-3.2) unstable; urgency=low * Non-maintainer upload. * Fix FTBFS with flag -Werror=format-security. Patch by Aurélien Jarno. (Closes: #646481). -- Ana Beatriz Guerrero Lopez <email address hidden> Sat, 03 Dec 2011 22:28:48 +0100
uw-imap (8:2007e~dfsg-3.1) unstable; urgency=low
* Non-maintainer upload.
* Add Provides to virtual pop3-server and imap-server to avoid file
conflicts with alternative daemons. (Closes: #550380)
-- Stefano Zacchiroli <email address hidden> Sat, 23 Jan 2010 17:16:33 +0100
uw-imap (8:2007e~dfsg-3) unstable; urgency=low * Fix have ipopd (not uw-imapd) conflict/replace virtual pop3-server. -- Jonas Smedegaard <email address hidden> Fri, 09 Oct 2009 22:31:48 +0200
| Superseded in sid-release |
uw-imap (8:2007e~dfsg-1) unstable; urgency=low
* New upstream release.
* Update debian/copyright:
+ Add X-Files-Stripped and X-Files-Stripped-Reason notes for files
stripped in repackaged source
+ Update contact infor for upstream author
+ Attach note on Debian-distributed license texts to respective tags
+ Bump to revision 413 of new copyright format
* Recommend default-mta (not exim4) as, well, default MTA.
* Have uw-imapd and ipopd PAM files include common-session-
noninteractive (not common-session), and tighten dependencies on
libpam-runtime to versions providing the included file.
* Drop patches 0001-0003 part of current upstream source.
* Drop patch 1003 (maildir support) as it is not freely licensed and
its author has explicitly requested its removal. Add NEWS item and
rewrite README.Debian section. Update debian/control.
* Stop SONAME from auto-bumping with each new release (but do bump
this time around due to dropped Maildir patch).
* Rewrite README.source to no longer describe source contents but
mention the use of Git, CDBS, quilt and DEB_MAINTAINER_MODE. Drop
README.cdbs-tweaks and cdbs-specific notes in debian/rules.
* Add git-buildpackage configfile, enabling signed tags and
pristine-tar.
* Update CDBS snippets:
+ Add CDBS snippet package-relations.mk.
+ Consistently use underscore (not dash) in variables.
+ Implement fail-source-not-repackaged rule in upstream-tarball.mk.
+ Update URL to draft DEP5 format in copyright-check.mk output.
* Drop no longer used -ssl README.debian files.
* Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
* Resolve, cleanup and apply CDBS-declared dependencies using
package-relations.mk.
* Update copyright info:
+ Rewrite to rev54 of DEB5 draft machine-readable format.
+ Extend copyright years for debian/*.
+ Add Source stanza.
+ Add copyright and licensing infor for PO files.
+ Fix set Stanford University as copyright holder (not license).
* Fix tighten build-dependency on debhelper (5.0.44 too old for v6).
* Bump policy-compliance to Standards-Version 3.8.0 (mailbox access
requirements might not comply with Policy v3.8.1 or newer).
* Always depend on ${misc:Depends} (not only when known needed).
* Use lowercase hostname variable in postinsts to not bogusly upset
lintian.
-- Jonas Smedegaard <email address hidden> Wed, 07 Oct 2009 15:15:57 +0200
uw-imap (8:2007b~dfsg-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix denial of service vulnerability because of rfc822_output_char() not
checking for a full buffer and writing one byte ahead the buffer, later
resulting in memcpy getting called with a possible size argument of -1
(0003_CVE-2008-5514.patch; Closes: #510918)
-- Nico Golde <email address hidden> Thu, 15 Jan 2009 19:00:01 +0100
| Published in lenny-release |
uw-imap (7:2007b~dfsg-4+lenny3) testing-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix stack-based buffer overflow in tmail/dmail that could allow
local users to execute arbitrary code
(0001_insecure_strcmp.patch; CVE-2008-5005)
* Fix NULL ptr dereference because of a malicious response to the QUIT
command leading to denial of service
(0002_no_close_quit_netstream.patch; CVE-2008-5006)
* Fix denial of service vulnerability because of rfc822_output_char() not
checking for a full buffer and writing one byte ahead the buffer, later
resulting in memcpy getting called with a possible size argument of -1
(0003_CVE-2008-5514.patch; CVE-2008-5514)
-- Nico Golde <email address hidden> Wed, 24 Dec 2008 12:03:39 +0100
| Superseded in sid-release |
uw-imap (8:2007b~dfsg-1) unstable; urgency=medium
* Revert to older upstream 2007b, and instead bump epoc, as simplest
possible apporach to get back to old soname, needed for the frozen
Lenny. Thanks to Adeodato Simó for educating me about the problem
and coming up with the solution.
* Add patch 0001 from newer 2007d release, fixing local exploitable
security hole in dmail and tmail. Thanks to Tomas Pospisek for
reporting.
* Add patch 0002 from newer 2007d release, to not close already closed
smtp netstream.
* Set urgency=medium due to soname fix (security issue already in
7:2007d~dfsg-1 and 7:2007b~dfsg-4+lenny1, so urgency=high unneeded.
-- Jonas Smedegaard <email address hidden> Mon, 01 Dec 2008 03:22:45 +0100
| Superseded in sid-release |
uw-imap (7:2007d~dfsg-1) unstable; urgency=high
* New upstream release.
* Set urgency=high as this release fixes a locally exploitable hole in
dmail and tmail.
* Update cdbs snippets:
+ Restructure output of copyright-check.mk to match new proposed
copyright-format at
http://wiki.debian.org/Proposals/CopyrightFormat .
+ Several minor improvements to upstream-tarball.mk.
+ Add new local package-relations.mk to merge duplicate
build-dependencies and more. Drop cleanup in debian/rules.
+ Update debian/README.cdbs-tweaks.
* Update copyright hints.
* Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
* Semi-auto-update debian/control to update dependencies:
DEB_MAINTAINER_MODE=1 fakeroot debian/rules clean
-- Jonas Smedegaard <email address hidden> Mon, 03 Nov 2008 13:19:02 +0100
uw-imap (7:2007b~dfsg-3) unstable; urgency=high
* Fix patch 1001 to properly include IP6 flag, so package get compiled
with IPv6 support as intended. Closes: bug#268251, thanks to
Herbert Meier and others for reporting and to Christophe Wolfhugel
for spotting the cause of the problem and providing a patch.
* Setting urgency=high as this is a regression to earlier releases,
and the fix is quite small.
-- Jonas Smedegaard <email address hidden> Fri, 22 Aug 2008 09:57:49 +0200
| 1 → 19 of 19 results | First • Previous • Next • Last |
