changeset 7391:c73d6224a96b HEAD 1.1.rc3

Released v1.1.rc3.
author Timo Sirainen <tss@iki.fi>
date Sun, 09 Mar 2008 12:51:51 +0200
parents 04297ce26b78
children 88f0c016f766
files NEWS TODO configure.in
diffstat 3 files changed, 13 insertions(+), 1 deletions(-)
--- a/NEWS	Sun Mar 09 12:51:06 2008 +0200
+++ b/NEWS	Sun Mar 09 12:51:51 2008 +0200
@@ -1,3 +1,14 @@
+v1.1.rc3 2008-03-09  Timo Sirainen <tss@iki.fi>
+
+	* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
+	  and shadow if blocking=yes) where user could specify extra fields
+	  in the password. The main problem here is when specifying
+	  "skip_password_check" introduced in v1.0.11 for fixing master user
+	  logins, allowing the user to log in as anyone without a valid
+	  password.
+
+	- mail_privileged_group was broken in some systems (OS X, Solaris?)
+
 v1.1.rc2 2008-03-08  Timo Sirainen <tss@iki.fi>
 
 	* mail_extra_groups setting was commonly used insecurely. This setting
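Review bot: The security entry in the new v1.1.rc3 block does not state which releases are affected or what the fix changes; it only names the passdbs and says "skip_password_check" was introduced in v1.0.11. Someone reading NEWS to decide whether to upgrade needs one more line giving the affected range and the nature of the fix (for example, that extra fields in the password are now rejected or escaped, if that is what was done). In the same entry, "MySQL always. PAM, passwd and shadow if blocking=yes" reads as two sentences inside the parentheses; a semicolon after "always" would make the list of passdbs unambiguous. The "(OS X, Solaris?)" on the mail_privileged_group line leaves the affected platforms as a guess in release notes; confirm Solaris or drop the question mark.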
--- a/TODO	Sun Mar 09 12:51:06 2008 +0200
+++ b/TODO	Sun Mar 09 12:51:51 2008 +0200
@@ -12,6 +12,7 @@
    - nfs support (cache flushes, how can write fail with ESTALE?)
    - is locking done right? it reads header without file being locked?
    - split after ~8 bytes?
+   - expunges are delayed until more mails are added
  - test replacement chars (SEARCH / SORT / Squat)
 
  - cache: compress when we can drop temporary fields.
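Review bot: The added TODO item "expunges are delayed until more mails are added" is unrelated to the version bump and is carried in the "Released v1.1.rc3." commit, which makes it hard to find later from the history; a separate commit would be cleaner. The item also does not say whether the delay is a bug to fix or behaviour to verify, unlike the question-form items around it, so a few words on the expected behaviour would help whoever picks it up.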
--- a/configure.in	Sun Mar 09 12:51:06 2008 +0200
+++ b/configure.in	Sun Mar 09 12:51:51 2008 +0200
@@ -1,5 +1,5 @@
 AC_PREREQ([2.59])
-AC_INIT([dovecot],[1.1.rc2],[dovecot@dovecot.org])
+AC_INIT([dovecot],[1.1.rc3],[dovecot@dovecot.org])
 AC_CONFIG_SRCDIR([src])
 
 AM_INIT_AUTOMAKE