courier-authlib (0.58-4+etch3) stable-security; urgency=high * Non-maintainer upload by the security team * Fix regression in SQL query, when authenticating with a username and not a mail address Thanks to Micha Lenk for helping me spot this -- Steffen Joeris Sat, 20 Dec 2008 22:49:46 +0000 courier-authlib (0.58-4+etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Avoid the use of pg_char_to_encoding(), because it is not defined in the libpq-fe.h version of postgres -- Steffen Joeris Mon, 15 Dec 2008 22:38:37 +0100 courier-authlib (0.58-4+etch1) stable-security; urgency=high * Non-maintainer upload by the security team * Fix several sql-injection vulnerabilities in authmysqllib.c by using mysql_set_character_set() and mysql_real_escape_string() (Closes: #485424) Fixes: CVE-2008-2667 * Fix several sql-injection vulnerabilities in authpgsqllib.c by using PQsetClientEncoding() and PQescapeStringConn() Fixes: CVE-2008-2380 -- Steffen Joeris Sun, 7 Dec 2008 09:28:07 +0000 courier-authlib (0.58-4) unstable; urgency=medium * call dh_makeshlibs during binary-arch target in order to get proper shlib information for libcourierauth.so (Closes: #378249, thanks to Charles Fry for the report and Steinar H. Gunderson for the patch) * ensure that courier-authdaemon is upgraded when switching to courier-authlib * switch to lsb logging functions (Closes: #384823, thanks to David Härdeman for the patch) -- Stefan Hornburg (Racke) Sat, 9 Sep 2006 17:37:11 +0200 courier-authlib (0.58-3.1) unstable; urgency=medium * Non-Maintainer Upload to fix security bug, caused by /var/run/courier/authdaemon being world executable. Thanks to Martin Ferrari for the fix. (Closes: #378571) -- Margarita Manterola Tue, 1 Aug 2006 16:45:07 -0300 courier-authlib (0.58-3) unstable; urgency=low * remove all Courier runtime files on purge of courier-authdaemon -- Stefan Hornburg (Racke) Tue, 6 Jun 2006 04:48:20 +0200 courier-authlib (0.58-2) unstable; urgency=low * set ownership of /var/run/courier and /var/run/courier/authdaemon to daemon.daemon (Closes: #368358, #368360) -- Stefan Hornburg (Racke) Tue, 23 May 2006 09:43:15 +0200 courier-authlib (0.58-1.0) unstable; urgency=low * first upload to unstable -- Stefan Hornburg (Racke) Fri, 12 May 2006 16:53:38 +0200 courier-authlib (0.58-0.4) experimental; urgency=low * changed alternative dependency for libmysqlclient-dev to libmysqlclient15-dev (Closes: #356728, thanks to Stefan Huehner for the report) -- Stefan Hornburg (Racke) Tue, 14 Mar 2006 11:14:11 +0100 courier-authlib (0.58-0.3) experimental; urgency=low * courier-authlib-userdb conflicts with pre-authlib courier-base package -- Stefan Hornburg (Racke) Wed, 11 Jan 2006 09:33:10 +0100 courier-authlib (0.58-0.2) experimental; urgency=low * updated config.{guess,sub} to avoid FTBFS on some architectures (Closes: #346105, thanks to Petr Salinger ) -- Stefan Hornburg (Racke) Fri, 6 Jan 2006 11:13:19 +0100 courier-authlib (0.58-0.1) experimental; urgency=low * new upstream release * transition to new PostgreSQL architecture (Closes: #339297, thanks to Martin Pitt for the report and the patch) * added courier-authlib-mysql/postgresql prerm/postinst scripts to restart courier-authdaemon -- Stefan Hornburg (Racke) Thu, 5 Jan 2006 14:58:19 +0100 courier-authlib (0.57.20051004-2) experimental; urgency=low * ship configuration files with sane ownership/permissions * restoring call to pam_acct_mgmt -- Stefan Hornburg (Racke) Fri, 11 Nov 2005 00:49:19 +0100 courier-authlib (0.57.20051004-1) experimental; urgency=low * new upstream release: - contains authtest manual page and authpasswd script * keep authtest name instead of renaming to courierauthtest, there are currently no conflicts with other binaries * separate package courier-authlib-pipe for authpipe module * revive courier-authdaemon package to allow seamless upgrades from sarge * changed FSF address in copyright file * changed BuildDepends from libmysqlclient10-dev to libmysqlclient14-dev * use DH_COMPAT=4 -- Stefan Hornburg (Racke) Tue, 25 Oct 2005 11:04:45 +0200 courier-authlib (0.56-0.5) experimental; urgency=low * added build dependency on procps (Closes: #311976, thanks to Kurt Roeckx for the report) -- Stefan Hornburg (Racke) Sat, 4 Jun 2005 22:03:43 +0200 courier-authlib (0.56-0.4) experimental; urgency=low * provide proper LDAP configuration file instead of an empty one (thanks to Peter Mann for the report) -- Stefan Hornburg (Racke) Tue, 31 May 2005 14:48:04 +0200 courier-authlib (0.56-0.3) experimental; urgency=low * added dependency to courier-authlib-dev on courier-authlib * versioned dependencies for courier-authlib-* packages -- Stefan Hornburg (Racke) Tue, 31 May 2005 11:13:01 +0200 courier-authlib (0.56-0.2) experimental; urgency=low * removed check for openssl binary (Closes: #311175, thanks to Kenshi Muto for the report) -- Stefan Hornburg (Racke) Mon, 30 May 2005 13:23:02 +0200 courier-authlib (0.56-0.1) experimental; urgency=low * initial release -- Stefan Hornburg (Racke) Fri, 27 May 2005 23:20:21 +0200