LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 3 Update: dovecot-0.99.13-3.FC3 Print E-mail
User Rating:      How can I rate this item?
Posted by Joseph Shakespeare   
Fedora This is a bug fix update for the Dovecot IMAP server. This brings the Red Hat Dovecot rpm up to date with the latest upstream release from Timo Sirainen, version 0.99.13 released on Jan 6th 2005.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-038
2005-01-18
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : dovecot
Version     : 0.99.13                      
Release     : 3.FC3                  
Summary     : Dovecot Secure imap server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

---------------------------------------------------------------------
Update Information:

This is a bug fix update for the Dovecot IMAP server. This brings the
Red Hat Dovecot rpm up to date with the latest upstream release from
Timo Sirainen, version 0.99.13 released on Jan 6th 2005.

Upstream Fixes are noted below and below that are Red Hat specific
fixes.

Please note there have been some changes to the /etc/dovecot.conf
file. When the rpm installs it may create /etc/dovecot.conf.rpmnew
file with the new version of the config file while preserving your
previous /etc/dovecot.conf file if you have modified the config
file. It would be prudent to compare the two files and see if you need
to adjust your configuration.

This version of the rpm also reverts a configuration file change that
appeared in dovecot-0.99.13-2.FC3 which had disabled overriding the
default mbox_locks value of "fcntl dotlock". This caused the creation
of dotlocks in addition to fcntl. This was a change from the previous
behavior and created some problems. The previous mbox_lock value of
fcntl only was restored to the config file.

Aside from the upstream fixes notable change in the RPM include:

- University of Washington Imap (UW Imap) migration documentation and
  scripts in the doc area (/usr/share/doc/dovecot-*)

- More example configurations in the doc area.

- The script to generate SSL certificates (mkcert in the doc area) now
  is congruent with Red Hat's OpenSSL rpm.

- The init.d script now starts dovecot later (it used to start it
  before named). If this problem was affecting your installation
  you'll have to chkconfig del and add to recreate the rc.d sym links,
  new installations will automatically pick up the new start order.

- Add a Red Specific FAQ to the doc area, mostly to address issues
  some sites were having with dot lock file creation.

====== Upstream Fixes ======

0.99.13

	* GNUTLS support hasn't been working for a while, so it's not even
	  tried to be used anymore unless explicitly wanted.
	+ Added CRAM-MD5 authentication mechanism. Patch by Joshua Goodall
	+ Added SMD5 and LDAP-MD5 password schemes and changed MD5 scheme to
	  use LDAP-MD5 if the password isn't in MD5crypt format. Patch by
	  Joshua Goodall
	+ Workaround for some POP3 client bugs: if message doesn't contain the
	  "end of headers" empty line, add it automatically.
	+ vpopmail supports now all password schemes, most importantly
	  MD5crypt works now without support from libc's crypt()
	- SQL and LDAP authentication was broken
	- SEARCH UNKEYWORD wasn't working

0.99.12

	- Fix memory leaks in LDAP, MySQL and PGSQL userdb/passdb
	- Fix hanging when parsing mails that have over 4096 bytes in one
	  line (SMTP servers normally don't allow over 1000 bytes so it
	  shouldn't be much of a problem)
	- FETCH BODYSTRUCTURE sometimes gave a wrong reply
	  (eg. with FETCH (BODYSTRUCTURE RFC822.SIZE) if it wasn't cached)
	- Never return more than one INBOX in LIST even if there are such
	  files. They don't work anyway and it just confuses clients.
	- mbox: Don't allow creating INBOX directory by creating/renaming
	  mailboxes under it. They just wouldn't work.
	- POP3: Don't return PLAIN in SASL list. We don't support initial SASL
	  responses, so it only breaks with most clients that try to use it.
	- IMAP and POP3 login processes may have sent each line in two IP
	  packets, one with the data and another with CR+LF. Some clients
	  didn't work because of this.

====== Red Hat RPM Fixes ======

- fix bug #145214, mbox_lock is fcntl only in config file, remove dotlock default
- fix bug #145241, remove errant dependency on primary postgres & mysql rpms
- add REDHAT-FAQ.txt to doc directory
- fix bug #143707, bring up to date with latest upstream, 0.99.13, 
- fix bug #14462, bad dovecot-uid macro name
- fix bug #133618, removed LITERAL+ capability from capability string
- fix bug #134325, stop dovecot during installation
- fix bug #129539, dovecot starts too early,
  set chkconfig to 65 35 to match cyrus-imapd
- fix bug #139954, add UW to Dovecot migration documentation and scripts
- fix bug #139276, fix SSL documentation and scripts, add missing documentation
- fix bug #136623 Change License field from GPL to LGPL to reflect
  actual license
- fix bug #124786, listen to ipv6 as well as ipv4
---------------------------------------------------------------------
* Mon Jan 17 2005 John Dennis  0.99.13-3.FC3

- fix bug #145214, force mbox_locks to fcntl only
- fix bug #145241, remove prereq on postgres and mysql, allow rpm auto
  dependency generator to pick up client lib dependency if needed.


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

3a82e63da2755780a9c3c7133735ee9a  SRPMS/dovecot-0.99.13-3.FC3.src.rpm
d839e7d2b9fa855e48a35cfca5518cc0  x86_64/dovecot-0.99.13-3.FC3.x86_64.rpm
70804d49eb34b4465b9728eafb9b2596  x86_64/debug/dovecot-debuginfo-0.99.13-3.FC3.x86_64.rpm
c995c35d5e3b5f41781ad17a0e2938fb  i386/dovecot-0.99.13-3.FC3.i386.rpm
e72e883d6506a1a992605398ef4d1ade  i386/debug/dovecot-debuginfo-0.99.13-3.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


-- 
John Dennis 

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.