dovecot-1.1: Released v1.1.rc3.
dovecot at dovecot.org
dovecot at dovecot.org
Sun Mar 9 13:04:51 EET 2008
details: http://hg.dovecot.org/dovecot-1.1/rev/c73d6224a96b
changeset: 7391:c73d6224a96b
user: Timo Sirainen <tss at iki.fi>
date: Sun Mar 09 12:51:51 2008 +0200
description:
Released v1.1.rc3.
diffstat:
3 files changed, 13 insertions(+), 1 deletion(-)
NEWS | 11 +++++++++++
TODO | 1 +
configure.in | 2 +-
diffs (39 lines):
diff -r 04297ce26b78 -r c73d6224a96b NEWS
--- a/NEWS Sun Mar 09 12:51:06 2008 +0200
+++ b/NEWS Sun Mar 09 12:51:51 2008 +0200
@@ -1,3 +1,14 @@ v1.1.rc2 2008-03-08 Timo Sirainen <tss@
+v1.1.rc3 2008-03-09 Timo Sirainen <tss at iki.fi>
+
+ * Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
+ and shadow if blocking=yes) where user could specify extra fields
+ in the password. The main problem here is when specifying
+ "skip_password_check" introduced in v1.0.11 for fixing master user
+ logins, allowing the user to log in as anyone without a valid
+ password.
+
+ - mail_privileged_group was broken in some systems (OS X, Solaris?)
+
v1.1.rc2 2008-03-08 Timo Sirainen <tss at iki.fi>
* mail_extra_groups setting was commonly used insecurely. This setting
diff -r 04297ce26b78 -r c73d6224a96b TODO
--- a/TODO Sun Mar 09 12:51:06 2008 +0200
+++ b/TODO Sun Mar 09 12:51:51 2008 +0200
@@ -12,6 +12,7 @@
- nfs support (cache flushes, how can write fail with ESTALE?)
- is locking done right? it reads header without file being locked?
- split after ~8 bytes?
+ - expunges are delayed until more mails are added
- test replacement chars (SEARCH / SORT / Squat)
- cache: compress when we can drop temporary fields.
diff -r 04297ce26b78 -r c73d6224a96b configure.in
--- a/configure.in Sun Mar 09 12:51:06 2008 +0200
+++ b/configure.in Sun Mar 09 12:51:51 2008 +0200
@@ -1,5 +1,5 @@ AC_PREREQ([2.59])
AC_PREREQ([2.59])
-AC_INIT([dovecot],[1.1.rc2],[dovecot at dovecot.org])
+AC_INIT([dovecot],[1.1.rc3],[dovecot at dovecot.org])
AC_CONFIG_SRCDIR([src])
AM_INIT_AUTOMAKE
More information about the dovecot-cvs
mailing list