From: mwolson_admin Date: Fri, 10 Apr 2009 03:33:52 +0000 (-0400) Subject: Merge from debian. X-Git-Tag: debian/0.63.0-6+hcoop1~4 X-Git-Url: http://git.hcoop.net/hcoop/debian/courier-authlib.git/commitdiff_plain/b92f8a0725abfd548aa6f569c298dd69c1b1b79c Merge from debian. --- b92f8a0725abfd548aa6f569c298dd69c1b1b79c diff --cc Makefile.in index a572d17,73026e5..5033cfe --- a/Makefile.in +++ b/Makefile.in @@@ -367,8 -349,8 +349,7 @@@ PGSQL_LIBS = @PGSQL_LIBS PG_CONFIG = @PG_CONFIG@ RANLIB = @RANLIB@ REPOSITORY = @REPOSITORY@ -SED = @SED@ SET_MAKE = @SET_MAKE@ - SHA1LIB = @SHA1LIB@ SHADOWLIBS = @SHADOWLIBS@ SHELL = @SHELL@ STRIP = @STRIP@ diff --cc debian/changelog index c07b132,88916bc..f9e039c --- a/debian/changelog +++ b/debian/changelog @@@ -1,55 -1,38 +1,90 @@@ + courier-authlib (0.61.0-1+lenny1) testing-security; urgency=high + + * Non-maintainer upload by the security team + * Fix several sql-injection vulnerabilities in authpgsqllib.c by using + PQsetClientEncoding() and PQescapeStringConn() + Fixes: CVE-2008-2380 + + -- Steffen Joeris Mon, 08 Dec 2008 13:48:12 +0000 + + courier-authlib (0.61.0-1) unstable; urgency=low + + * new upstream release + * lintian: + - debian/compat file + - don't ignore make clean errors + + -- Stefan Hornburg (Racke) Thu, 17 Jul 2008 12:59:36 +0200 + + courier-authlib (0.60.1-2.1) unstable; urgency=high + + * Non-maintainer upload by the security team + * Fix sql injection vulnerability by changing to use + mysql_set_character_set instead of SET NAMES + (Change was introduced by upstream in 0.60.6) + (Closes: #485424) + + -- Steffen Joeris Mon, 09 Jun 2008 15:29:23 +0000 + +courier-authlib (0.60.2-0hcoop7) unstable; urgency=low + + * Revert last change. Now the AFS token code is before the callback. + + -- Michael Olson (HCoop) Thu, 07 Feb 2008 22:37:30 -0500 + +courier-authlib (0.60.2-0hcoop6) unstable; urgency=low + + * Move acquiting of AFS vmail tokens to just after callback. + + -- Michael Olson (HCoop) Sat, 02 Feb 2008 20:29:01 -0500 + +courier-authlib (0.60.2-0hcoop5) unstable; urgency=low + + * Move acquiring of AFS vmail tokens to preauthuserdbcommon.c. + + -- Michael Olson (HCoop) Fri, 01 Feb 2008 21:55:37 -0500 + +courier-authlib (0.60.2-0hcoop4) unstable; urgency=low + + * authuserdb: Try using a separate get-token script. + + -- Michael Olson (HCoop) Wed, 30 Jan 2008 13:17:14 -0500 + +courier-authlib (0.60.2-0hcoop3) unstable; urgency=low + + * Fix bug in previous patch. + + -- Michael Olson (HCoop) Sun, 27 Jan 2008 16:19:18 -0500 + +courier-authlib (0.60.2-0hcoop2) unstable; urgency=low + + * Get token after authenticating a vmail user. + + -- Michael Olson (HCoop) Sat, 26 Jan 2008 15:28:19 -0500 + +courier-authlib (0.60.2-0hcoop1) unstable; urgency=low + + * New upstream release. Remaining changes: + - Revert the disabling of pam_setcred so that IMAP works as expected. + - Set the userdb path to be /etc/courier/userdb. + + -- Michael Olson (HCoop) Fri, 25 Jan 2008 19:24:41 -0500 + + courier-authlib (0.60.1-2) unstable; urgency=low + + * added LSB dependency info to init scripts (Closes: #460221, thanks to + Petter Reinholdtsen for the patch) + + -- Stefan Hornburg (Racke) Mon, 7 Apr 2008 13:21:37 +0200 + +courier-authlib (0.60.1-1hcoop1) unstable; urgency=low + + * Sync from Debian. Remaining changes: + - Revert the disabling of pam_setcred so that IMAP works as expected. + - Set the userdb path to be /etc/courier/userdb. + + -- Michael Olson (HCoop) Fri, 25 Jan 2008 18:28:11 -0500 + courier-authlib (0.60.1-1) unstable; urgency=low * new upstream release