0fde1ce3 |
1 | courier-authlib (0.61.0-1+lenny1) testing-security; urgency=high |
2 | |
3 | * Non-maintainer upload by the security team |
4 | * Fix several sql-injection vulnerabilities in authpgsqllib.c by using |
5 | PQsetClientEncoding() and PQescapeStringConn() |
6 | Fixes: CVE-2008-2380 |
7 | |
8 | -- Steffen Joeris <white@debian.org> Mon, 08 Dec 2008 13:48:12 +0000 |
9 | |
10 | courier-authlib (0.61.0-1) unstable; urgency=low |
11 | |
12 | * new upstream release |
13 | * lintian: |
14 | - debian/compat file |
15 | - don't ignore make clean errors |
16 | |
17 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Thu, 17 Jul 2008 12:59:36 +0200 |
18 | |
19 | courier-authlib (0.60.1-2.1) unstable; urgency=high |
20 | |
21 | * Non-maintainer upload by the security team |
22 | * Fix sql injection vulnerability by changing to use |
23 | mysql_set_character_set instead of SET NAMES |
24 | (Change was introduced by upstream in 0.60.6) |
25 | (Closes: #485424) |
26 | |
27 | -- Steffen Joeris <white@debian.org> Mon, 09 Jun 2008 15:29:23 +0000 |
28 | |
3f2ad2d4 |
29 | courier-authlib (0.60.2-0hcoop7) unstable; urgency=low |
30 | |
31 | * Revert last change. Now the AFS token code is before the callback. |
32 | |
33 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Thu, 07 Feb 2008 22:37:30 -0500 |
34 | |
2cdb8e7d |
35 | courier-authlib (0.60.2-0hcoop6) unstable; urgency=low |
36 | |
37 | * Move acquiting of AFS vmail tokens to just after callback. |
38 | |
39 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Sat, 02 Feb 2008 20:29:01 -0500 |
40 | |
51201864 |
41 | courier-authlib (0.60.2-0hcoop5) unstable; urgency=low |
42 | |
43 | * Move acquiring of AFS vmail tokens to preauthuserdbcommon.c. |
44 | |
45 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Fri, 01 Feb 2008 21:55:37 -0500 |
46 | |
05980d6f |
47 | courier-authlib (0.60.2-0hcoop4) unstable; urgency=low |
48 | |
49 | * authuserdb: Try using a separate get-token script. |
50 | |
51 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Wed, 30 Jan 2008 13:17:14 -0500 |
52 | |
63de08e7 |
53 | courier-authlib (0.60.2-0hcoop3) unstable; urgency=low |
54 | |
55 | * Fix bug in previous patch. |
56 | |
57 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Sun, 27 Jan 2008 16:19:18 -0500 |
58 | |
c0398a7b |
59 | courier-authlib (0.60.2-0hcoop2) unstable; urgency=low |
60 | |
61 | * Get token after authenticating a vmail user. |
62 | |
63 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Sat, 26 Jan 2008 15:28:19 -0500 |
64 | |
34c781f2 |
65 | courier-authlib (0.60.2-0hcoop1) unstable; urgency=low |
66 | |
67 | * New upstream release. Remaining changes: |
68 | - Revert the disabling of pam_setcred so that IMAP works as expected. |
69 | - Set the userdb path to be /etc/courier/userdb. |
70 | |
71 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Fri, 25 Jan 2008 19:24:41 -0500 |
72 | |
0fde1ce3 |
73 | courier-authlib (0.60.1-2) unstable; urgency=low |
74 | |
75 | * added LSB dependency info to init scripts (Closes: #460221, thanks to |
76 | Petter Reinholdtsen <pere@hungry.com> for the patch) |
77 | |
78 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Mon, 7 Apr 2008 13:21:37 +0200 |
79 | |
92232671 |
80 | courier-authlib (0.60.1-1hcoop1) unstable; urgency=low |
81 | |
82 | * Sync from Debian. Remaining changes: |
83 | - Revert the disabling of pam_setcred so that IMAP works as expected. |
84 | - Set the userdb path to be /etc/courier/userdb. |
85 | |
f53ed7f1 |
86 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Fri, 25 Jan 2008 18:28:11 -0500 |
92232671 |
87 | |
64ff59ba |
88 | courier-authlib (0.60.1-1) unstable; urgency=low |
89 | |
90 | * new upstream release |
91 | |
92 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Mon, 15 Oct 2007 10:56:16 +0200 |
93 | |
94 | courier-authlib (0.60.0-1) unstable; urgency=low |
95 | |
96 | * new upstream release, now under GPL version 3 |
97 | |
98 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Sun, 30 Sep 2007 21:58:35 +0200 |
99 | |
100 | courier-authlib (0.59.3-2) unstable; urgency=low |
101 | |
102 | * dropped alternative build dependency on postgresql-dev |
103 | (Closes: #429964, thanks to Lior Kaplan <kaplan@debian.org> for the report |
104 | |
105 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Thu, 21 Jun 2007 20:26:38 +0200 |
106 | |
4360c3b9 |
107 | courier-authlib (0.59.3-1hcoop1) unstable; urgency=low |
108 | |
109 | [Adam Megacz] |
110 | * Revert the disabling of pam_setcred so that IMAP works as expected. |
111 | * Set the userdb path to be /etc/courier/userdb. |
112 | * userdb: Allow "+", ":", and "_" in usernames. |
113 | |
114 | -- Michael Olson (HCoop) <mwolson@hcoop.net> Fri, 25 Jan 2008 17:46:10 -0500 |
115 | |
426e7833 |
116 | courier-authlib (0.59.3-1) unstable; urgency=low |
117 | |
118 | * new upstream release |
119 | |
120 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Mon, 23 Apr 2007 10:18:17 +0200 |
121 | |
122 | courier-authlib (0.59.1-0.1) experimental; urgency=low |
123 | |
124 | * new upstream release |
125 | |
126 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Wed, 17 Jan 2007 11:58:29 +0100 |
127 | |
128 | courier-authlib (0.58-5) unstable; urgency=low |
129 | |
130 | * added dependency and build dependency on expect (Closes: #400812, |
131 | thanks to Peter Troeger <peter@troeger.eu> for the report) |
132 | |
133 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Wed, 29 Nov 2006 11:42:45 +0100 |
134 | |
135 | courier-authlib (0.58-4) unstable; urgency=medium |
136 | |
137 | * call dh_makeshlibs during binary-arch target in order to get proper shlib |
138 | information for libcourierauth.so (Closes: #378249, thanks to Charles |
139 | Fry <cfry@debian.org> for the report and Steinar H. Gunderson |
140 | <sesse@debian.org> for the patch) |
141 | * ensure that courier-authdaemon is upgraded when switching to courier-authlib |
142 | * switch to lsb logging functions (Closes: #384823, thanks to David Härdeman |
143 | <david@2gen.com> for the patch) |
144 | |
145 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Sat, 9 Sep 2006 17:37:11 +0200 |
146 | |
147 | courier-authlib (0.58-3.1) unstable; urgency=medium |
148 | |
149 | * Non-Maintainer Upload to fix security bug, caused by |
150 | /var/run/courier/authdaemon being world executable. Thanks to Martin |
151 | Ferrari for the fix. (Closes: #378571) |
152 | |
153 | -- Margarita Manterola <marga@debian.org> Tue, 1 Aug 2006 16:45:07 -0300 |
154 | |
155 | courier-authlib (0.58-3) unstable; urgency=low |
156 | |
157 | * remove all Courier runtime files on purge of courier-authdaemon |
158 | |
159 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Tue, 6 Jun 2006 04:48:20 +0200 |
160 | |
161 | courier-authlib (0.58-2) unstable; urgency=low |
162 | |
163 | * set ownership of /var/run/courier and /var/run/courier/authdaemon to |
164 | daemon.daemon (Closes: #368358, #368360) |
165 | |
166 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Tue, 23 May 2006 09:43:15 +0200 |
167 | |
168 | courier-authlib (0.58-1.0) unstable; urgency=low |
169 | |
170 | * first upload to unstable |
171 | |
172 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Fri, 12 May 2006 16:53:38 +0200 |
173 | |
174 | courier-authlib (0.58-0.4) experimental; urgency=low |
175 | |
176 | * changed alternative dependency for libmysqlclient-dev to |
177 | libmysqlclient15-dev (Closes: #356728, thanks to Stefan Huehner |
178 | <huehner@unix-ag.uni-kl.de> for the report) |
179 | |
180 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Tue, 14 Mar 2006 11:14:11 +0100 |
181 | |
182 | courier-authlib (0.58-0.3) experimental; urgency=low |
183 | |
184 | * courier-authlib-userdb conflicts with pre-authlib courier-base package |
185 | |
186 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Wed, 11 Jan 2006 09:33:10 +0100 |
187 | |
188 | courier-authlib (0.58-0.2) experimental; urgency=low |
189 | |
190 | * updated config.{guess,sub} to avoid FTBFS on some architectures |
191 | (Closes: #346105, thanks to Petr Salinger |
192 | <Petr.Salinger@t-systems.cz>) |
193 | |
194 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Fri, 6 Jan 2006 11:13:19 +0100 |
195 | |
196 | courier-authlib (0.58-0.1) experimental; urgency=low |
197 | |
198 | * new upstream release |
199 | * transition to new PostgreSQL architecture (Closes: #339297, thanks to |
200 | Martin Pitt <mpitt@debian.org> for the report and the patch) |
201 | * added courier-authlib-mysql/postgresql prerm/postinst scripts to |
202 | restart courier-authdaemon |
203 | |
204 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Thu, 5 Jan 2006 14:58:19 +0100 |
205 | |
206 | courier-authlib (0.57.20051004-2) experimental; urgency=low |
207 | |
208 | * ship configuration files with sane ownership/permissions |
209 | * restoring call to pam_acct_mgmt |
210 | |
211 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Fri, 11 Nov 2005 00:49:19 +0100 |
212 | |
213 | courier-authlib (0.57.20051004-1) experimental; urgency=low |
214 | |
215 | * new upstream release: |
216 | - contains authtest manual page and authpasswd script |
217 | * keep authtest name instead of renaming to courierauthtest, there are |
218 | currently no conflicts with other binaries |
219 | * separate package courier-authlib-pipe for authpipe module |
220 | * revive courier-authdaemon package to allow seamless upgrades from sarge |
221 | * changed FSF address in copyright file |
222 | * changed BuildDepends from libmysqlclient10-dev to libmysqlclient14-dev |
223 | * use DH_COMPAT=4 |
224 | |
225 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Tue, 25 Oct 2005 11:04:45 +0200 |
226 | |
227 | courier-authlib (0.56-0.5) experimental; urgency=low |
228 | |
229 | * added build dependency on procps (Closes: #311976, thanks to Kurt |
230 | Roeckx <kurt@roeckx.be> for the report) |
231 | |
232 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Sat, 4 Jun 2005 22:03:43 +0200 |
233 | |
234 | courier-authlib (0.56-0.4) experimental; urgency=low |
235 | |
236 | * provide proper LDAP configuration file instead of an empty one (thanks |
237 | to Peter Mann <Peter.Mann@tuke.sk> for the report) |
238 | |
239 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Tue, 31 May 2005 14:48:04 +0200 |
240 | |
241 | courier-authlib (0.56-0.3) experimental; urgency=low |
242 | |
243 | * added dependency to courier-authlib-dev on courier-authlib |
244 | * versioned dependencies for courier-authlib-* packages |
245 | |
246 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Tue, 31 May 2005 11:13:01 +0200 |
247 | |
248 | courier-authlib (0.56-0.2) experimental; urgency=low |
249 | |
250 | * removed check for openssl binary (Closes: #311175, thanks to Kenshi |
251 | Muto <kmuto@debian.org> for the report) |
252 | |
253 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Mon, 30 May 2005 13:23:02 +0200 |
254 | |
255 | courier-authlib (0.56-0.1) experimental; urgency=low |
256 | |
257 | * initial release |
258 | |
259 | -- Stefan Hornburg (Racke) <racke@linuxia.de> Fri, 27 May 2005 23:20:21 +0200 |
260 | |