2006
qpopper (4.0.5.dfsg-0.1) unstable; urgency=low
* Non-maintainer upload. * Rebuild orig.tar.gz to remove non-free RFC documents (Closes: #393410). * Add ssmtp to Build-Depends to disambiguate m-t-a dependency.
-- Christoph Berg <myon@debian.org> Wed, 8 Nov 2006 15:00:22 +0100
qpopper (4.0.5-4.1) unstable; urgency=low
* Non-maintainer upload.
* Always set permissions on /var/spool/pop/ in qpopper-drac.postinst
(Closes: #313537).
* Drop unused debian/post{rm,inst}.
* Drop README.Debian.
* Bump Standards-Version.
-- Christoph Berg <myon@debian.org> Wed, 25 Jan 2006 12:13:37 +0100
2005
qpopper (4.0.5-4sarge1) testing-security; urgency=high
* Non-maintainer upload by the Security Team
* Applied upstream patch to fix unauthorised file read access
[popper/pop_config.c, CAN-2005-1151]
* Applied upstream patch to fix unauthorised file write access
[popper/popauth.c, CAN-2005-1151]
* Applied upstream patch to ensure that no group- or world-readable
files are created [popper/popauth.c, CAN-2005-1152]
-- Martin Schulze <joey@infodrom.org> Sat, 21 May 2005 08:44:44 +0200
2004
qpopper (4.0.5-4) unstable; urgency=low
* Removed RFC docs. (closes:Bug#199814, Bug#199815) * version 2.53 shouldn't be used any more. (closes:Bug#68830) * Couldn't be reproduced. (closes:Bug#132909) * libpam-pwdfile has been upgraded. (closes:Bug#144217) * Install script work normally on Alpha (closes:Bug#186969) * It's not a bug. (closes:Bug#207324, Bug#229676) * Readme.Debian has been updated. (closes:Bug#118169) * update dependencies to exim4. (closes:Bug#228577, Bug#228558) * added IPv6 support. (closes:Bug#193701)
-- Yu Guanghui <ygh@debian.org> Thu, 29 Jan 2004 19:23:00 +0800
2003
qpopper (4.0.5-3) unstable; urgency=low
* change build-dep from libgdbmg1-dev to libgdbm-dev. (closes:Bug#199597) * change drac from depend to suggest. (closes:Bug#199130) * fix typo "qpoper" in description. (closes:Bug#191983)
-- Yu Guanghui <ygh@debian.org> Wed, 2 Jul 2003 17:44:51 +0800
qpopper (4.0.5-2) unstable; urgency=low
* Fix wrong XMIT directory.
* We now put tmpXXXXXX, xmitXXXXXX to /var/mail, and put
.XXX.pop to /var/spool/pop.
-- Yu Guanghui <ygh@debian.org> Thu, 8 May 2003 13:44:16 +0800
qpopper (4.0.5-1) unstable; urgency=high
* New upstream release * upstream fix for the buffer overflow vulnerability. (closes:Bug#184399) * If /var/spool/pop exists, we won't touch it. But it should have group "mail", permission "2775". (closes:Bug#184578)
-- Yu Guanghui <ygh@debian.org> Fri, 14 Mar 2003 11:04:52 +0800
qpopper (4.0.4-9) unstable; urgency=low
* Fixed a remote buffer overflow caused by Qvnsprintf.
-- Yu Guanghui <ygh@debian.org> Wed, 12 Mar 2003 10:30:52 +0800
2002
qpopper (4.0.4-8) unstable; urgency=low
* Fixed wrong error message. Thanks for "Joern Heissler"
<joern at heissler.de>'s patch. (closes:Bug#160494)
* Caused by wrong permisson of /var/mail, not a bug.
(closes:Bug#154975)
-- Yu Guanghui <ygh@debian.org> Mon, 30 Dec 2002 21:52:01 +0800
qpopper (4.0.4-7) unstable; urgency=low
* Applied patche. Qpopper can work with Eudora clients and
openssl > 0.9.6e. (closes:Bug#161103)
-- Yu Guanghui <ygh@debian.org> Mon, 23 Sep 2002 08:35:54 +0800
qpopper (4.0.4-6) unstable; urgency=low
* It's not qpopper's bug. /var/mail should be owned by group
"mail", not "root". (closes:Bug#154975)
* The new package doesn't have this problem.
* Fixme: doesn't build
-- Yu Guanghui <ygh@debian.org> Wed, 14 Aug 2002 21:06:21 +0800
qpopper (4.0.4-5) unstable; urgency=low
* Sorry, I should close 150407. (closes:bug#150407)
-- Yu Guanghui <ygh@debian.org> Fri, 21 Jun 2002 08:01:27 +0800
qpopper (4.0.4-4) unstable; urgency=low
* Changed 'kill -1' to 'kill -s HUP' in postrm. (closes:bug#15407)
-- Yu Guanghui <ygh@debian.org> Thu, 20 Jun 2002 19:58:19 +0800
qpopper (4.0.4-3) unstable; urgency=low
* disable log-login in debian/rule. We now enable it in
qpopper.conf. For those who don't want this function, they
can disable it in configure file.
-- Yu Guanghui <ygh@debian.org> Tue, 28 May 2002 19:47:44 +0800
qpopper (4.0.4-2) unstable; urgency=high
* Fixed the long user bulldir buffer overflow. (closes:bug#144974) * ok, Moshe Zadka <moshez@debian.org>'s patch is better than the one I did, so apply this. ;-) Thanks.
-- Yu Guanghui <ygh@debian.org> Mon, 29 Apr 2002 10:13:41 +0800
qpopper (4.0.4-1) unstable; urgency=low
* New upstream release
-- Yu Guanghui <ygh@debian.org> Wed, 24 Apr 2002 09:37:17 +0800
qpopper (4.0.3-11) unstable; urgency=high
* Fixed hppa building error. (closes:bug#142281) * Forget close 126670 at early version. (closes:bug#126670)
-- Yu Guanghui <ygh@debian.org> Thu, 11 Apr 2002 18:10:35 +0800
qpopper (4.0.3-10) unstable; urgency=high
* Back ported the bug fix (closed at 4.0.3-8) from 4.0.4fc3.
The old patch maybe cause some problem at special cases.
-- Yu Guanghui <ygh@debian.org> Wed, 10 Apr 2002 23:30:41 +0800
qpopper (4.0.3-9) unstable; urgency=low
* Closed many old bugs, most of them has been fixed before. * lockfile has been put to /var/spool/pop (closes:bug#49122) * couldn't reproduce, and that more like fetchmail's bug. (closes:bug#57256). ok, this has been fixed in potato and new version hasn't this bug. (closes:bug#85069) * It has been fixed, but didn't close the bug. (closes:bug#65330) * Qpopper has a trace option now. (closes:bug#22008) * You can disable dns reverse lookup now. (closes:bug#22834) * APOP and PASS can work at sametime now. (closes:bug#60016) * It's not qpopper's failure. (closes:bug#65901)
-- Yu Guanghui <ygh@debian.org> Mon, 1 Apr 2002 21:19:34 +0800
qpopper (4.0.3-8) unstable; urgency=high
* popper.c line 486 should return NULL instead of break, or it will wrongly enter loop state. I have made another patch. Thanks for Christian Hammers' useful information.(closes:Bug#138535) * This is a security fix. It only affects version 4.0.x.
-- Yu Guanghui <ygh@debian.org> Wed, 16 May 2002 19:15:07 +0800
qpopper (4.0.3-7) unstable; urgency=low
* Builded new package qpopper-drac. (closes:Bug#120338)
-- Yu Guanghui <ygh@debian.org> Wed, 6 Feb 2002 21:50:15 +0800
2001
qpopper (4.0.3-6) unstable; urgency=low
* popauth should be suid.
-- Yu Guanghui <ygh@debian.org> Mon, 10 Dec 2001 19:10:02 +0800
qpopper (4.0.3-5) unstable; urgency=low
* Sorry, really change --with-apopuid to -enable-popuid this time.
-- Yu Guanghui <ygh@debian.org> Tue, 27 Nov 2001 09:17:39 +0800
qpopper (4.0.3-4) unstable; urgency=low
* change --enable-apoppuid to --enable-popuid. Type error.:(
Thanks to Vadim A Kutchin [amadis@chemi.komisc.ru].
* Using configure file now. (closes:Bug#116308)
-- Yu Guanghui <ygh@debian.org> Tue, 20 Nov 2001 13:29:28 +0800
qpopper (4.0.3-3) unstable; urgency=low
* Before call kill, check whether /var/run/inetd.pid exist.
(closes:Bug#103871)
-- Yu Guanghui <ygh@debian.org> Sun, 8 Jul 2001 18:32:16 +0800
qpopper (4.0.3-2) unstable; urgency=high
* Upload again with a high urgency.
* This version fixes a buffer overflow present in all version of 4.0.
It should be installed to unstable and testing as fast.(closes: Bug#101133)
-- Yu Guanghui <ygh@debian.org> Sun, 17 Jun 2001 09:28:06 +0800
qpopper (4.0.3-1) unstable; urgency=low
* New upstream release
-- Yu Guanghui <ygh@debian.org> Tue, 5 Jun 2001 20:58:01 +0800
qpopper (4.0.2-1) unstable; urgency=low
* New upstream release
-- Yu Guanghui <ygh@debian.org> Fri, 25 May 2001 22:45:09 +0800
qpopper (4.0-2) unstable; urgency=low
* Fixed the wrong installed manpage poppassd.8 (closes: Bug#94723) * Removed exim from build-depends. (closes: Bug#95099)
-- Yu Guanghui <ygh@debian.org> Wed, 25 Apr 2001 00:14:24 +0800
qpopper (4.0-1) unstable; urgency=low
* New upstream release
-- Yu Guanghui <ygh@debian.org> Tue, 17 Apr 2001 22:22:25 +0800
qpopper (3.1-4) unstable; urgency=low
*Add Build-depends and Depends: exim|mail-transport-agent. (closes: Bug#85032) *Priority moved from optional to extra.
-- Yu Guanghui <ygh@debian.org> Sat, 10 Feb 2001 12:26:12 +0800
qpopper (3.1-3) unstable; urgency=low
* Add Build-depends: libgdbmg1-dev, libpam0g-dev to debian/contrl. (closes: Bug#84893) * Couldn't reproduce Bug#82198, and didn't recieve any reply from reporter. (closes: Bug#82198)
-- Yu Guanghui <ygh@debian.org> Tue, 6 Feb 2001 22:04:15 +0800
2000
qpopper (3.1-2) frozen unstable; urgency=high
* Compiled with --enable-log-login. (closes: Bug#75784)
-- Yu Guanghui <ygh@debian.org> Sun, 29 Oct 2000 09:09:14 +0800
qpopper (3.1-1) frozen unstable; urgency=high
* New upstream release.(closes: Bug#75032, Bug#71085) * Compiled with PAM support. (closes: Bug#57305)
-- Yu Guanghui <ygh@debian.org> Fri, 27 Oct 2000 22:18:56 +0800
qpopper (2.53-5) frozen unstable; urgency=high
* Fix YET ANOTHER security hole that makes it possible to get a
shell, even with "group mail" priviliges. (closes: #64602, #64649, #64627).
See http://www.securityfocus.com/vdb/bottom.html?vid=1242
See also http://www.digibel.org/~b0f/advisors/b0f5-Qpopper.txt
-- Miquel van Smoorenburg <miquels@cistron.nl> Thu, 25 May 2000 14:53:36 +0200
qpopper (2.53-4) frozen unstable; urgency=high
* Fix security hole (fixes: #63730). Did not use the patch as supplied
on bugtraq, but fixed it myself. See debian/fgets1023.patch
* Added applied patches as seperate files in the source package and
also documented them in README.Debian.
* Fixed the pop-server virtual package stuff (fixes: #42409, #50629, #52273)
* Moved /usr/{man,doc} stuff to /usr/share/{man,doc}
The last 3 are only cosmetic and not code changes.
-- Miquel van Smoorenburg <miquels@cistron.nl> Sun, 14 May 2000 13:11:43 +0200
1999
qpopper (2.53-3) unstable; urgency=low
* Use fcntl (posix) locking everywhere instead of flock()
* Don't lock APOP database twice
* Fixes:
#29698: qpopper: flock() locks both .pag and .dir file which are the same
-- Miquel van Smoorenburg <miquels@cistron.nl> Thu, 29 Jul 1999 12:24:14 +0200
qpopper (2.53-2) unstable; urgency=high
* Turn on --enable-specialauth otherwise shadow support is not compiled in
* Fixes:
#40165: qpopper ignores -d
#40167: qpopper refuses correct p
#39789: qpopper: fails to validate passwords
#35374: qpopper: changelog and copyright
#27196: qpopper logs to /var/log/messages
#23872: qpopper appears to abort
-- Miquel van Smoorenburg <miquels@cistron.nl> Sun, 27 Jun 1999 20:42:08 +0200
qpopper (2.53-1) unstable; urgency=low
* Upgraded to latest released version - the license seems OK now.
-- Miquel van Smoorenburg <miquels@cistron.nl> Thu, 10 Jun 1999 16:12:43 +0200
1998
qpopper (2.3-5) unstable; urgency=low
* Added option -S to turn on "server mode" at runtime.
-- Miquel van Smoorenburg <miquels@cistron.nl> Thu, 19 Nov 1998 13:13:04 +0100
qpopper (2.3-4) frozen unstable; urgency=high
* Fix for remote root exploits
-- Miquel van Smoorenburg <miquels@cistron.nl> Sat, 27 Jun 1998 23:38:52 +0200
qpopper (2.3-3) frozen unstable; urgency=low
* Fixes bugs:
#22531: qpopper: POP3 server fails to sanity-check TOP requests
-- Miquel van Smoorenburg <miquels@cistron.nl> Tue, 19 May 1998 16:41:21 +0200
qpopper (2.3-2) frozen unstable; urgency=low
* Move back to DBM instead of DB
* Fixes:
#19847: qpopper unable to open POP authorization DB
-- Miquel van Smoorenburg <miquels@cistron.nl> Tue, 17 Mar 1998 23:07:43 +0100
qpopper (2.3-1) unstable; urgency=low
* Upgraded to latest free upstream version
* Fix lintian stuff
* Fixes:
#15305: qpopper: qpopper 2.4 is out
-- Miquel van Smoorenburg <miquels@cistron.nl> Sat, 14 Mar 1998 14:35:11 +0100
1997
qpopper (2.2-5) unstable; urgency=low
* libc6 version (2.4 is being worked on, but in the mean time..)
* Bugs fixed:
#10061: qpopper: program name error in man page:
says in.popper instead of in.qpopper
#12497: qpopper: doesnt work with md5 passwords
#13527: qpopper: libc6 patch
-- Miquel van Smoorenburg <miquels@cistron.nl> Wed, 22 Oct 1997 16:00:51 +0200
qpopper (2.2-4) frozen unstable; urgency=high
* Added /var/spool/pop directory to the package since netstd dropped it
* Compiled with support for /etc/popper.{allow,deny} file.
-- Miquel van Smoorenburg <miquels@cistron.nl> Mon, 28 Apr 1997 20:16:57 +0200
qpopper (2.2-3) unstable; urgency=low
* Fixed postinst not to send SIGHUP to inetd (fix for xinetd) * Fix for (possible) problem wrt NFS locking and Linux NFS client code.
-- Miquel van Smoorenburg <miquels@cistron.nl> Mon, 20 Jan 1997 10:12:44 +0100
1996
qpopper (2.2-2) unstable; urgency=low
* Fixed locking to work over NFS. * New source format
-- Miquel van Smoorenburg <miquels@cistron.nl> Fri, 13 Dec 1996 15:43:13 +0100
Old changelog format(s), not parsed
qpopper_2.2-1 o Fixed Description: line in control file. o Upgraded to popper2.2 qpopper-2.1.4-4 o Fixed Description: line in control file. o Fixed rewind() problem in pop_updt.c (caused mailboxes to start with a lot of zeros if new mail came in when using the qpopper) o debian.rules uses new style package names (with "_") qpopper-2.1.4-3 o Fixed locking problem qpopper-2.1.4-2 o Added shadow password support o Bulletin support is not defaulted anymore (needs -b flag) qpopper-2.1.4-1 o initial release Local variables: mode: debian-changelog End: