5.4.16 - released 7-May-06
More fixes to 5.4.14/5.4.15, hopefully leading to a useable, stable
incorporating vpopmaild from the 5.5 branch.
There is an important security fix in this release, related to cleartext
passwords. If cleartext passwords are enabled, and an account doesn't
have a cleartext password set, it is possible to authenticate with
SMTP AUTH and/or APOP methods using a blank password.
Once anonymous CVS is updated (after May 8), this link should show the
changes made to vchkpw.c:
- vpalias: Properly handle some empty search results.
- vpalias: wasn't allocating enough memory for alias name in
valias_select_names (missing one byte for NULL).
- vmysql: reconnect to server if connection was dropped.
- vpgsql: fix queries to allow domains starting with digits.
- vpgsql: fix compile errors introduced in 5.4.14.
- vdominfo: undo change from 5.4.14 that displayed alias domains
- vdelivermail: check for over quota when creating temp mail file.
- vpalias: Fix double-free in code ported from 5.5 branch.
- valias: exit non-zero on error, send all errors to stderr.
- vchkpw: make sure we have cleartext pass before checking SMTP_AUTH
or APOP logins.
- Remove vactivedir code since it's just a client for a non-existent