dovecot-1.1: Released v1.1.rc3.

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-1.1/rev/c73d6224a96b
changeset: 7391:c73d6224a96b
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Mar 09 12:51:51 2008 +0200
description:
Released v1.1.rc3.

diffstat:

3 files changed, 13 insertions(+), 1 deletion(-)
NEWS         |   11 +++++++++++
TODO         |    1 +
configure.in |    2 +-

diffs (39 lines):

diff -r 04297ce26b78 -r c73d6224a96b NEWS
--- a/NEWS	Sun Mar 09 12:51:06 2008 +0200
+++ b/NEWS	Sun Mar 09 12:51:51 2008 +0200
@@ -1,3 +1,14 @@ v1.1.rc2 2008-03-08  Timo Sirainen <tss@
+v1.1.rc3 2008-03-09  Timo Sirainen <tss at iki.fi>
+
+	* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
+	  and shadow if blocking=yes) where user could specify extra fields
+	  in the password. The main problem here is when specifying
+	  "skip_password_check" introduced in v1.0.11 for fixing master user
+	  logins, allowing the user to log in as anyone without a valid
+	  password.
+
+	- mail_privileged_group was broken in some systems (OS X, Solaris?)
+
 v1.1.rc2 2008-03-08  Timo Sirainen <tss at iki.fi>
 
 	* mail_extra_groups setting was commonly used insecurely. This setting
diff -r 04297ce26b78 -r c73d6224a96b TODO
--- a/TODO	Sun Mar 09 12:51:06 2008 +0200
+++ b/TODO	Sun Mar 09 12:51:51 2008 +0200
@@ -12,6 +12,7 @@
    - nfs support (cache flushes, how can write fail with ESTALE?)
    - is locking done right? it reads header without file being locked?
    - split after ~8 bytes?
+   - expunges are delayed until more mails are added
  - test replacement chars (SEARCH / SORT / Squat)
 
  - cache: compress when we can drop temporary fields.
diff -r 04297ce26b78 -r c73d6224a96b configure.in
--- a/configure.in	Sun Mar 09 12:51:06 2008 +0200
+++ b/configure.in	Sun Mar 09 12:51:51 2008 +0200
@@ -1,5 +1,5 @@ AC_PREREQ([2.59])
 AC_PREREQ([2.59])
-AC_INIT([dovecot],[1.1.rc2],[dovecot at dovecot.org])
+AC_INIT([dovecot],[1.1.rc3],[dovecot at dovecot.org])
 AC_CONFIG_SRCDIR([src])
 
 AM_INIT_AUTOMAKE