5.4.16 - released 7-May-06
http://vpopmail.sf.net/

Release Notes:

More fixes to 5.4.14/5.4.15, hopefully leading to a useable, stable release
incorporating vpopmaild from the 5.5 branch.

There is an important security fix in this release, related to cleartext
passwords.  If cleartext passwords are enabled, and an account doesn't
have a cleartext password set, it is possible to authenticate with
SMTP AUTH and/or APOP methods using a blank password.

Once anonymous CVS is updated (after May 8), this link should show the
changes made to vchkpw.c:

http://cvs.sourceforge.net/viewcvs.py/vpopmail/vpopmail/vchkpw.c?r1=1.11.2.4&r2=1.11.2.5&diff_format=u

ChangeLog

Michael Krieger
- vpalias: Properly handle some empty search results.

Ken Jones
- vpalias: wasn't allocating enough memory for alias name in
  valias_select_names (missing one byte for NULL).

Jianbin Xiao
- vmysql: reconnect to server if connection was dropped.

Rick Widmer
- vpgsql: fix queries to allow domains starting with digits.

John Simpson
- vpgsql: fix compile errors introduced in 5.4.14.
- vdominfo: undo change from 5.4.14 that displayed alias domains
  incorrectly.

Toshihiko Kyoda
- vdelivermail: check for over quota when creating temp mail file.

Tom Collins
- vpalias: Fix double-free in code ported from 5.5 branch.
- valias: exit non-zero on error, send all errors to stderr.
- vchkpw: make sure we have cleartext pass before checking SMTP_AUTH
  or APOP logins.
- Remove vactivedir code since it's just a client for a non-existent
  server.
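
The blank-password issue described in the release notes and the vchkpw changelog entry, as an added Python sketch (not vpopmail code). It assumes APOP digests per RFC 1939 and CRAM-MD5 as the SMTP AUTH mechanism; the function names, accounts and challenge string are constructed for illustration.

```python
import hashlib
import hmac

def apop_digest(challenge: bytes, secret: bytes) -> str:
    # RFC 1939 APOP: hex MD5 of the server timestamp followed by the shared secret.
    return hashlib.md5(challenge + secret).hexdigest()

def cram_md5_digest(challenge: bytes, secret: bytes) -> str:
    # RFC 2195 CRAM-MD5: hex HMAC-MD5 of the challenge, keyed with the shared secret.
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

DIGESTS = {"APOP": apop_digest, "CRAM-MD5": cram_md5_digest}

def verify_unguarded(mech, challenge, response, stored_clear):
    # Behaviour the release note describes: a missing cleartext password is
    # used as an empty shared secret, so a blank-password response matches.
    secret = (stored_clear or "").encode()
    return hmac.compare_digest(DIGESTS[mech](challenge, secret), response)

def verify_guarded(mech, challenge, response, stored_clear):
    # Shape of the fix: refuse challenge-response logins outright when the
    # account has no cleartext password, before any digest is computed.
    if not stored_clear:
        return False
    expected = DIGESTS[mech](challenge, stored_clear.encode())
    return hmac.compare_digest(expected, response)

# Constructed sample data: "bob" has no cleartext password stored.
CHALLENGE = b"<1896.697170952@mail.example.test>"
ACCOUNTS = {"alice": "correct horse", "bob": None}

def blank_password_results():
    # For every mechanism and account, present the response a client would
    # send for a blank password; return (unguarded, guarded) outcomes.
    results = {}
    for mech, digest in DIGESTS.items():
        blank_response = digest(CHALLENGE, b"")
        for user, clear in ACCOUNTS.items():
            results[(mech, user)] = (
                verify_unguarded(mech, CHALLENGE, blank_response, clear),
                verify_guarded(mech, CHALLENGE, blank_response, clear),
            )
    return results

if __name__ == "__main__":
    for key, outcome in blank_password_results().items():
        print(key, "unguarded=%s guarded=%s" % outcome)
```

Accounts that do have a cleartext password are unaffected in both versions; only the account with none stored accepts the blank-password response in the unguarded check.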
