5.4.16 - released 7-May-06

Release Notes:

More fixes to 5.4.14/5.4.15, hopefully leading to a useable, stable release
incorporating vpopmaild from the 5.5 branch.

There is an important security fix in this release, related to cleartext
passwords.  If cleartext passwords are enabled, and an account doesn't
have a cleartext password set, it is possible to authenticate with
SMTP AUTH and/or APOP methods using a blank password.

Once anonymous CVS is updated (after May 8), this link should show the
changes made to vchkpw.c:

http://cvs.sourceforge.net/viewcvs.py/vpopmail/vpopmail/vchkpw.c? r1=


Michael Krieger
- vpalias: Properly handle some empty search results.

Ken Jones
- vpalias: wasn't allocating enough memory for alias name in
  valias_select_names (missing one byte for NULL).

Jianbin Xiao
- vmysql: reconnect to server if connection was dropped.

Rick Widmer
- vpgsql: fix queries to allow domains starting with digits.

John Simpson
- vpgsql: fix compile errors introduced in 5.4.14.
- vdominfo: undo change from 5.4.14 that displayed alias domains

Toshihiko Kyoda
- vdelivermail: check for over quota when creating temp mail file.

Tom Collins
- vpalias: Fix double-free in code ported from 5.5 branch.
- valias: exit non-zero on error, send all errors to stderr.
- vchkpw: make sure we have cleartext pass before checking SMTP_AUTH
  or APOP logins.
- Remove vactivedir code since it's just a client for a non-existent

Reply via email to