Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock 1:2.1.7-7 when it becomes eligible for testing. It fixes
the following RC bugs:
#696817 - I have removed the code that modified peoples configuration
files altogether.
#696820 - Not so much a fix per se but I have thoroughly documented the
issue so users will atleast be aware of the situation.
...and two other trivial problems:
#694376 - Just a change of dependencies in debian/control.
#698941 - /etc/dovecot/README contained the wrong path to the example
configuration. Two makefile variables were all that was needed to
change to fix this.
A diff of the changes is attached.
--
Jaldhar H. Vyas <jald...@debian.org>
debian/changelog | 18 ++++
debian/control | 6 +-
debian/dovecot-core.NEWS | 29 ++-----
debian/dovecot-core.README.Debian | 173 +++++++++++++++++++++++--------------
debian/dovecot-core.postinst | 11 +--
debian/patches/exampledir.patch | 38 ++++++++
debian/patches/series | 1 +
7 files changed, 175 insertions(+), 101 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 2c182b4..aff33ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+dovecot (1:2.1.7-7) unstable; urgency=high
+
+ * If you are upgrading from stable or earlier versions of this package
+ from testing/unstable please carefully read
+ /usr/share/doc/dovecot-core/README.Debian.gz for important information
+ about changes.
+ * [0d74b31] Move Breaks/Replaces mailavenger from dovecot-common to
+ dovecot-core (Closes: #694376)
+ * [a8030a1] Revamped dovecot-cores README.Debian by adding any info I could
+ think of in order to ease upgrade problems. (Closes: #696820)
+ * [04798d3] Don't touch 10-ssl.conf at all. Eventually I will DTRT with
+ regards to the default generated ssl certificates but in the mean time
+ this will do the least mischief. (Closes: #696817)
+ * [fde17d1] Patch to make /etc/dovecot/readme point to the right place for
+ the example configuration. (Closes: #698941)
+
+ -- Jaldhar H. Vyas <jald...@debian.org> Mon, 04 Feb 2013 16:27:17 -0500
+
dovecot (1:2.1.7-6) unstable; urgency=high
* WARNING: in order to get this package into wheezy some functionality
diff --git a/debian/control b/debian/control
index 50eb792..4771f88 100644
--- a/debian/control
+++ b/debian/control
@@ -14,8 +14,6 @@ Section: oldlibs
Priority: extra
Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}, dovecot-core
-Breaks: mailavenger (<< 0.8.1-4)
-Replaces: mailavenger (<< 0.8.1-4)
Recommends: dovecot-gssapi, dovecot-sieve, dovecot-pgsql, dovecot-mysql, dovecot-sqlite, dovecot-ldap
Suggests: dovecot-managesieved
Description: Transitional package for dovecot
@@ -27,8 +25,8 @@ Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, ucf (>= 2.0020)
Suggests: ntp, dovecot-gssapi, dovecot-sieve, dovecot-pgsql, dovecot-mysql, dovecot-sqlite, dovecot-ldap, dovecot-imapd, dovecot-pop3d, dovecot-lmtpd, dovecot-managesieved, dovecot-solr
Provides: dovecot-common
-Replaces: dovecot-common (<< 1:2.0.14-2~)
-Breaks: dovecot-common (<< 1:2.0.14-2~)
+Replaces: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4)
+Breaks: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4)
Description: secure mail server that supports mbox, maildir, dbox and mdbox mailboxes
Dovecot is a mail server whose major goals are security and extreme
reliability. It tries very hard to handle all error conditions and verify that
diff --git a/debian/dovecot-core.NEWS b/debian/dovecot-core.NEWS
index f43bbf0..6614bd9 100644
--- a/debian/dovecot-core.NEWS
+++ b/debian/dovecot-core.NEWS
@@ -1,24 +1,11 @@
-dovecot (1:2.1.7-3) unstable; urgency=low
-
- * It was pointed out in bug #608719 that dovecots generated x.509
- certificates should not be kept in /etc/ssl/certs. As of this
- version they are now created in /etc/dovecot on new installs.
- If you have an existing install, you can keep your certificates
- where they are or move them yourself.
- 1. Move /etc/ssl/certs/dovecot.pem to /etc/dovecot
- 2. Create a directory called /etc/dovecot/private owned by root:root
- with 0700 permissions.
- 3. Move /etc/ssl/certs/private/dovecot.pem to /etc/dovecot/private
- 4. In /etc/dovecot/conf.d/10-ssl.conf make sure you have these lines:
- ssl_cert = </etc/dovecot/dovecot.pem
- ssl_key = </etc/dovecot/private/dovecot.pem
- 5. Restart dovecot.
-
- * Instead of starting via inetd and tcpd, there is TCP wrapper support
- now. See http://wiki2.dovecot.org/LoginProcess and
- /etc/dovecot/conf.d/10-tcpwrapper.conf
-
- -- Jaldhar H. Vyas <jald...@debian.org> Thu, 27 Sep 2012 05:33:08 -0400
+dovecot (1:2.1.7-7) unstable; urgency=high
+
+ * If you are upgrading from stable or the earlier 2.1.7 packages in testing,
+ you are advised to backup your configuration files before continuing.
+ Carefully read /usr/share/doc/dovecot-core/README.Debian.gz for important
+ information about problems that might affect your upgrade.
+
+ -- Jaldhar H. Vyas <jald...@debian.org> Mon, 04 Feb 2013 16:27:17 -0500
dovecot (1:2.0.5-1) experimental; urgency=low
diff --git a/debian/dovecot-core.README.Debian b/debian/dovecot-core.README.Debian
index 69c560d..794163e 100644
--- a/debian/dovecot-core.README.Debian
+++ b/debian/dovecot-core.README.Debian
@@ -13,29 +13,47 @@ will reflect this difference, even if not set in the config file.
Upgrading from 1.2 (squeeze) to 2.0 (wheezy)
--------------------------------------------
-A lot of settings have changed. Dovecot v2.0 can still use most of the
-v1.x configuration files, but it logs a lot of warnings at startup.
-A quick and easy way to convert your old config file to v2.0 format is:
-
-doveconf -n -c dovecot-1.conf > dovecot-2.conf
-
-This command logs a warning about each obsolete setting it converts to
-the new format. You can either go through the warnings to figure out
-what changes exactly were done, or you can simply trust doveconf and
-replace your old config with the newly generated one.
-
-Other important changes are:
-
- * Dovecot uses two system users for internal purposes now by
- default: "dovenull" and "dovecot". "dovenull" user is used by
- completely untrustworthy processes, while "dovecot" user is used
- for slightly more trusted processes.
-
- * In conf.d/10-mail.conf, the default mail_location is set to
+ * If you are upgrading from 1.2.15 in stable, be aware that a lot of settings
+ have changed. Dovecot v2.0 can still use most of the v1.x configuration
+ files, but it logs a lot of warnings at startup. A quick and easy way to
+ convert your old config file to v2.0 format is:
+
+ doveconf -n -c dovecot-1.conf > dovecot-2.conf
+
+ This command logs a warning about each obsolete setting it converts to
+ the new format. You can either go through the warnings to figure out
+ what changes exactly were done, or you can simply trust doveconf and
+ replace your old config with the newly generated one.
+
+ * The biggest problem reported so far is due to an unfortunate packaging
+ error in earlier versions of the 2.1.7 packages that left several files
+ in /etc/dovecot/conf.d unmarked as conf files. This meant that dpkg
+ didn't give them its usual protection against the overwriting of user
+ changes and silently changed them to them to the package defaults even if
+ you made your own local modifications. This was fixed in -3. Who is
+ affected by this bug?
+
+ + if you are upgrading to this version from 1.2.15 in stable you are not
+ affected.
+ + if you are upgrading from 2.1.7 -3 or higher, you are not affected.
+ + if you are upgrading from 2.1.7 -2 or -1 from unstable, testing, or
+ backports, you might be affected.
+
+ If you are affected, check all the files in /etc/dovecot/conf.d
+ carefully and remerge your local changes. Sorry for the inconvenience;
+ this should not happen again.
+
+ If you want to be absolutely sure nothing will happen to your
+ configuration you can add it to /etc/dovecot/local.conf which is
+ completely untouched by the dovecot package.
+
+ * In conf.d/10-mail.conf, the default mail_location is set by default to
mbox:~/mail:INBOX=/var/mail/%u
This has to be set because Dovecots auto-detection of mailboxes fails
when a user has no mail. I tried to provide a reasonable default
- but advanced users will certainly want to change this.
+ but advanced users will certainly want to change this. People affected
+ by the conf file bug mentioned above should also check that it is set
+ to the right values.
Related to this, you might see an error in the logs about dovecot not
being able to chgrp certain files. This is because the default user
@@ -46,52 +64,75 @@ Other important changes are:
you can set mail_location (and the equivalent settings in your MDA) so
that mailboxes are in the users home directory.
- * No more convert plugin, use dsync instead
-
- * No more expire-tool, use doveadm expunge instead. Also expire
- configuration is different.
-
- * Post-login scripts are configured differently and need to be modified
-
- * Quota warnings are configured differently and the script may need
- to be modified (most environment settings like $USER are gone)
-
- * Global ACL filenames now require namespace prefix (e.g. if you use
- "INBOX." prefix, /etc/acls/foo needs to be renamed to
- /etc/acls/INBOX.foo
-
- * Maildir: Permissions for newly created mail files are no longer
- copied from dovecot-shared file, but instead from the mail
- directory (e.g. for "foo" mailbox, they're taken from
- ~/Maildir/.foo directory)
-
- * dbox: v2.0 format is slightly different, but backwards
- compatible. The main problem is that v2.0 no longer supports
- maildir-dbox hybrid resulting from "fast Maildir migration". If
- you have any Maildir files in your dbox, you need to convert them
- somehow (some examples). You might also consider using dsync to
- get rid of the old unused metadata in your dbox files.
-
-
- * Pre-login and post-login CAPABILITY reply is now
- different. Dovecot expects clients to recognize new automatically
- sent capabilities. This should work with all commonly used
- clients, but some rarely used clients might have problems. Either
- get the client fixed, or set imap_capability manually.
-
- * ManageSieve protocol was assigned an official port by IANA:
- 4190. This is used by Pigeonhole by default now. If you want to
- listen also on the old 2000 port, see the example in
- /usr/share/doc/dovecot-common/wiki/ManageSieve.Configuration.txt.gz
-
- * deliver binary was renamed to dovecot-lda (but a symlink still
- exists for now)
-
- * deliver -n parameter was replaced by lda_mailbox_autocreate
- setting. The default also changed to "no".
-
- * deliver -s parameter was replaced by lda_mailbox_autosubscribe
- setting. The default is "no", as before.
+ Users bitten by the conf file bug or who did not have mail_location set
+ at all may have found that mailbox detection worked anyway so they often
+ ask me why it is necessary for the package to set it at all. Strictly
+ speaking, it is not but we are trying to make the package plug-and-play
+ for first time users while keeping things flexible for more advanced
+ users and this is the best compromise that can be made.
+
+ * Another file whose presence may cause problems is
+ /etc/dovecot/conf.d/15-mailboxes.conf which defines mailboxes. By default
+ this requires a "namespace inbox" section in
+ /etc/dovecot/conf.d/10-mail.conf. Either add that namespace or comment out
+ the contents of this file.
+
+ * It was pointed out in bug #608719 that dovecots generated x.509
+ certificates should not be kept in /etc/ssl/certs. As of this
+ version they are now created in /etc/dovecot on new installs.
+ If you have an existing install, you can keep your certificates
+ where they are or move them yourself.
+ 1. Move /etc/ssl/certs/dovecot.pem to /etc/dovecot
+ 2. Create a directory called /etc/dovecot/private owned by root:root
+ with 0700 permissions.
+ 3. Move /etc/ssl/certs/private/dovecot.pem to /etc/dovecot/private
+ 4. In /etc/dovecot/conf.d/10-ssl.conf make sure you have these lines:
+ ssl_cert = </etc/dovecot/dovecot.pem
+ ssl_key = </etc/dovecot/private/dovecot.pem
+ 5. Restart dovecot.
+
+ Owing to another packaging bug, if you did not remove the generated
+ certificates but did modify ssl_cert and ssl_key in
+ /etc/dovecot/conf.d/10-ssl.conf to point somewhere else, your changes
+ could have been overwritten in -6. This is fixed in this version.
+
+ * Other important changes from 1.2.x are:
+
+ + Dovecot uses two system users for internal purposes now by
+ default: "dovenull" and "dovecot". "dovenull" user is used by
+ completely untrustworthy processes, while "dovecot" user is used
+ for slightly more trusted processes.
+ + No more convert plugin, use dsync instead
+ + Post-login scripts are configured differently and need to be modified
+ + Quota warnings are configured differently and the script may need
+ to be modified (most environment settings like $USER are gone)
+ + Global ACL filenames now require namespace prefix (e.g. if you use
+ "INBOX." prefix, /etc/acls/foo needs to be renamed to /etc/acls/INBOX.foo
+ + Maildir: Permissions for newly created mail files are no longer
+ copied from dovecot-shared file, but instead from the mail
+ directory (e.g. for "foo" mailbox, they're taken from
+ ~/Maildir/.foo directory)
+ + dbox: v2.0 format is slightly different, but backwards
+ compatible. The main problem is that v2.0 no longer supports
+ maildir-dbox hybrid resulting from "fast Maildir migration". If
+ you have any Maildir files in your dbox, you need to convert them
+ somehow (some examples). You might also consider using dsync to
+ get rid of the old unused metadata in your dbox files.
+ + Pre-login and post-login CAPABILITY reply is now
+ different. Dovecot expects clients to recognize new automatically
+ sent capabilities. This should work with all commonly used
+ clients, but some rarely used clients might have problems. Either
+ get the client fixed, or set imap_capability manually.
+ + ManageSieve protocol was assigned an official port by IANA:
+ 4190. This is used by Pigeonhole by default now. If you want to
+ listen also on the old 2000 port, see the example in
+ /usr/share/doc/dovecot-common/wiki/ManageSieve.Configuration.txt.gz
+ + deliver binary was renamed to dovecot-lda (but a symlink still
+ exists for now)
+ + deliver -n parameter was replaced by lda_mailbox_autocreate
+ setting. The default also changed to "no".
+ + deliver -s parameter was replaced by lda_mailbox_autosubscribe
+ setting. The default is "no", as before.
Upgrading from 1.0 (lenny) to 1.2 (squeeze)
--------------------------------------------
diff --git a/debian/dovecot-core.postinst b/debian/dovecot-core.postinst
index 95a9477..4c82236 100644
--- a/debian/dovecot-core.postinst
+++ b/debian/dovecot-core.postinst
@@ -133,16 +133,7 @@ if [ "$1" = "configure" ]; then
echo "However you should move them out of /etc/ssl"
echo "and into /etc/dovecot and update the configuration"
echo "in /etc/dovecot/conf.d/10-ssl.conf accordingly."
- echo "See /usr/share/doc/dovecot-core/NEWS.Debian.gz for details."
- perl -i -nE "
- if (/^\w*?ssl_cert/) {
- say 'ssl_cert = <$OLD_SSL_CERT'
- }
- elsif (/^\w*?ssl_key/) {
- say 'ssl_key = <$OLD_SSL_KEY'
- } else {
- print;
- }" /etc/dovecot/conf.d/10-ssl.conf
+ echo "See /usr/share/doc/dovecot-core/README.Debian.gz for details."
# Generate new certs if needed
elif [ -e $SSL_CERT ] || [ -e $SSL_KEY ]; then
echo "You already have ssl certs for dovecot."
diff --git a/debian/patches/exampledir.patch b/debian/patches/exampledir.patch
new file mode 100644
index 0000000..dbd077d
--- /dev/null
+++ b/debian/patches/exampledir.patch
@@ -0,0 +1,38 @@
+From: Jaldhar H. Vyas <jald...@debian.org>
+Date: Mon, 04 Feb 2013 15:55:06 +0000
+Subject: wrong pointer to exampledir
+Description: The file /etc/dovecot/README sends the user to a directory
+/usr/share/doc/dovecot/example-config/, but the real path should be
+/usr/share/doc/dovecot-core/example-config/
+Bug: #698941
+
+ doc/example-config/Makefile.in | 2 +-
+ doc/example-config/conf.d/Makefile.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/doc/example-config/Makefile.in b/doc/example-config/Makefile.in
+index 687ec24..c463065 100644
+--- a/doc/example-config/Makefile.in
++++ b/doc/example-config/Makefile.in
+@@ -296,7 +296,7 @@ top_srcdir = @top_srcdir@
+ SUBDIRS = conf.d
+ pkgsysconfdir = $(sysconfdir)/dovecot
+ nodist_pkgsysconf_DATA = README
+-exampledir = $(docdir)/example-config
++exampledir = $(datarootdir)/doc/dovecot-core/example-config
+ example_DATA = \
+ dovecot.conf \
+ dovecot-db.conf.ext \
+diff --git a/doc/example-config/conf.d/Makefile.in b/doc/example-config/conf.d/Makefile.in
+index 8292a36..49f93f2 100644
+--- a/doc/example-config/conf.d/Makefile.in
++++ b/doc/example-config/conf.d/Makefile.in
+@@ -253,7 +253,7 @@ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ pkgsysconfdir = $(sysconfdir)/dovecot
+-exampledir = $(docdir)/example-config/conf.d
++exampledir = $(datarootdir)/doc/dovecot-core/example-config/conf.d
+ example_DATA = \
+ auth-checkpassword.conf.ext \
+ auth-deny.conf.ext \
diff --git a/debian/patches/series b/debian/patches/series
index e92a813..fa55637 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ tcpwrapper.patch
utf8-namespace.patch
default-mail_location.patch
chgrp-error.patch
+exampledir.patch