0.66.4 2015-11-14 "Hanno Böck" * authgetconfig.c (authgetconfig): avoid invalid memory read. 0.66.3 2015-06-09 Sam Varshavchik * authdaemon.c: auth_callback_default_autocreate, default callback used by clients that autocreates a home directory, if one does not exist already. 0.66.2 2015-02-28 Sam Varshavchik * Update to courier-unicode 1.2. 2014-07-13 Sam Varshavchik * liblock, couriertls: fix compilation for OpenBSD -- based on a patch from Giovanni Bechis . 2014-07-04 Sam Varshavchik * checkpassword.c (safe_strcmp): Fix bug introduced in 2014-04-27. 2014-04-27 Sam Varshavchik * courier.spec.in: Update to use systemd macros. * Check for NULL return value from crypt(). 2014-01-12 Sam Varshavchik * Factored out the unicode library into a separate package. 2013-10-08 Sam Varshavchik * Makefile.am: run sysconftool on authsqliterc, in install-configure. Remove .la files for authentication modules, keep then for actual API libraries. Install them in the -devel RPM package. * userdb/Makefile.am: Stub for the pw2userdb(8) man page. * courier-authlib.service.in: Added Install target. 0.66 2013-03-02 Eray Aslan * sqlite fixes. 2013-02-24 Lutz Behnke * authldaplib.c (ldapopen): Added LDAP_INITBIND option. 2013-01-06 Sam Varshavchik * Makefile.am: chmod $(pkglibexecdir) explicitly to 755 2012-10-25 Sam Varshavchik * courier-authlib.spec.in: Typo. 0.65.0 2012-10-06 Sam Varshavchik * New authsqlite authentication module. * Fixed: when using authpgsql, if the Postgres server goes down authpgsql will then start leaking memory. * Fixed error codes returned by several authentication modules that prevent certain combinations of authentication modules from being used together. 0.64.0 2012-04-23 Sam Varshavchik * authpam.c (callback_pam): Call pam_end() after an authentication attempt. 2011-08-02 Sam Varshavchik * Makefile.am: Renamed authstaticlist.h to courierauthstaticlist.h, and added it to the list of header files that 'make install' puts into includedir. 2011-06-19 Sam Varshavchik * Fix gcc 4.6 warnings * courier.spec.in: switch to systemd. 2011-05-25 Sam Varshavchik * Fix autoconf warnings. 2010-03-08 Sam Varshavchik * courier-authlib.spec: Make rmplint happy. 0.63.1 2010-03-06 Sam Varshavchik * Remove the bundled libtdl library. Require the system-installed libltdl library. 2010-01-31 Brian Costello * authmysqllib.c (auth_mysql_setpass): Fix crash if DEFAULT_DOMAIN is not set in the config file. 0.63.0 2009-12-17 Sam Varshavchik * authldapescape.c: Factor out LDAP string escape function. * authldap.schema: Various fixes * authldap.ldif (olcObjectClasses): Create LDIF format schema from authldap.schema 2009-11-21 Sam Varshavchik * authoption.c (auth_getoptionenvint): For account options that are parsed to an int, an option value that begins with t, T, y, or Y is evaluated as 1, other alphabetic values as 0; so that 'true' or 'yes' get evaluated as 1. 0.62.4 2009-06-13 Sam Varshavchik * Various compilation fixes for gcc 4.4 and libtool 2.2 0.62.3 2009-04-26 Sam Varshavchik * courier-authlib.spec.in (MAKEFLAGS): Explicit path to ./configtmp 2009-03-15 Sam Varshavchik * README_authlib.sgml: Fixed documentation of authpipe AUTH command. 2009-02-22 Sam Varshavchik * authmigrate.in (rc): Add /etc/courier-imap 0.62.2 2009-02-03 Sam Varshavchik * Makefile.am: Compatibility fix for bash 4 0.62.1 2008-12-25 Mr. Sam * cryptpassword.c: Fix compiler warnings * checkpasswordsha1.c: Fix compiler warnings. * authldaplib.c (auth_ldap_enumerate): Fix typo. 0.62.0 2008-12-17 Sam Varshavchik * authpgsqllib.c: Use PQescapeStringConn() instead of removing all apostrophes from query parameters. This fixes a potential SQL injection vulnerability if the Postgres database uses a non-Latin locale. 2008-12-06 Sam Varshavchik * Added support for {SSHA}-encrypted passwords. Based on a patch by Zou bin . * Added support for {SHA512} hash function. 0.61.1 2008-11-30 Sam Varshavchik * authsasllogin.c (authsasl_login): Fix memory leak. * authldaplib.c (read_env): Fix resource leak. authldap did not close the authldaprc configuration file after reading it on startup. * authldaplib.c (auth_ldap_do2): Fix used ptr after free(). When an email map feature is enabled, and the map failed, the resulting error message was formed from a buffer that was recently free()ed. * authpipe.c (auth_pipe): Fix memory leak. If the fork() system call failed (unlikely), a buffer wasn't getting released. 2008-11-30 Sam Varshavchik * Fix spec file to invoke authmksock with a short pathname. 2008-08-07 Mr. Sam * courier-authlib.spec.in: Add -C option to configure invocation. Remove the authmigrate script, only needed when upgrading from pre-2004 Courier, and the current packaging causes an error. 2008-07-20 "Hanno Böck" * authmigrate.in (rc): Use ${DESTDIR}, if set. 0.61.0 2008-07-13 Mr. Sam * courier-authlib.spec: Dummy provides: for symlinks, to allow upgrade with older packages that require .so.0. 2008-07-09 Mr. Sam * Makefile.am: Switch to versionless shared libraries. Install all shared libraries just as .so. make install manually removes *.so.0.0 files that were left over from previous versions, and installs a temporary *.so.0 symlink to *.so, for temporary binary ABI compatibility with 0.60. The symlinks will be removed in 0.62. 2008-07-08 Mr. Sam * Cleanup: always compile md5, sha* and hmac stuff, and remove all conditionally-compiled cruft. Move SASL list to an internal header. Add client-side support for AUTH EXTERNAL. 2008-06-29 Mr. Sam * authsasl.c (auth_sasl_ex): auth_sasl_ex() supercedes auth_sasl(), invokes auth_sasl() for non-EXTERNAL SASL methods, implements EXTERNAL by going through the motions, then setting up a dummy authentication request. * authdaemon.c (auth_generic): Check for the dummy EXTERNAL authentication request, and handle it by invoking auth_getuserinfo(), rather than sending it down the pipe. This avoid having to implement a stub in every authentication module. 0.60.6 2008-06-08 Alessandro Vesely * authmysqllib.c: Use mysql_set_character_set() instead of SET NAMES 0.60.5 2008-05-16 Mr. Sam * authmysqllib.c: Fix domain-less queries. 0.60.4 2008-05-08 Mr. Sam * Makefile: Drop the unmaintained authvchkpw module. 2008-05-04 Mr. Sam * authmysqllib.c: Cleanup. Use mysql_real_escape_string instead of crude filtering. 0.60.3 2007-11-11 Mr. Sam * Makefile.am: Use _LIBADD properly. 2007-10-15 "Johnny C. Lam" * configure.in: More portability fixes. 0.60.2 2007-10-10 "Johnny C. Lam" * liblock/lockdaemon.c: Portability fix for checking the highest available file descriptor. 0.60.1 2007-10-06 Anton Dobkin * MYSQL_CHARACTER_SET option. 2007-10-06 Oliver Lehmann * authvchkpw.c: Fix typo. 2007-10-06 Wayne Pascoe * courier-authlib.spec.in (BuildRequires): on redhat-rpm-config. 2007-10-06 Mr. Sam * userdb/userdb.pl.in (usage): Allow colons and pluses, in account names. 2007-10-06 Martin * checkpasswordmd5.c (authcheckpasswordmd5): Add {MD5RAW} hash method. 0.60 2007-09-25 "Johnny C. Lam" * liblock/lockdaemon.c (OPEN_MAX): Use OPEN_MAX, instead of hardcoded 99 2007-09-25 Mr. Sam * liblock/lockdaemon.c (OPEN_MAX): Even better, use sysconf(_SC_OPEN_MAX), where available. 2007-09-20 Mr. Sam * userdb/userdb.pl.in: Allow underscores in account names. 2007-08-29 "Noel (Sourceforge)" * authvchkpw.c: Compilation error. 2007-07-26 Mr. Sam * COPYING: GPL 3 2007-04-25 Mr. Sam * authvchkpw.c: Quell a compiler warning about a fwd declaration. 0.59.3 2007-04-22 Bill Shupp * Implement CRAM authentication in the vchpw module. 2007-04-22 Mr. Sam * courier-authlib.spec.in: spec files requires redhat-rpm-config 2007-04-15 Mr. Sam * man pages: work around for some bugs in Docbook XML stylesheets. 2007-04-13 Mr. Sam * authpipe.c (auth_pipe_pre): Fix leak when authpipe module is enabled, but the actual authpipe script/external prog is not installed. * authpipe.c (auth_pipe_chgpwd): Pedantic resource cleanup, after fork() fails. * userdb/userdb.c (userdb): Pedantic resource cleanup, after a malloc failure. * userdb/userdb2.c (userdbshadow): Ditto. 0.59.2 2007-04-05 Mr. Sam * Update man pages and documentation to Docbook XML V4.4 2007-02-25 Mr. Sam * More configure script cleanup 2007-02-25 Kurt Roeckx * Clean up configure scripts 2007-02-09 Juraj Lutter * authmysqlrc: Implement SSL-encrypted MySQL connections 2007-01-20 Mr. Sam * authldaplib.c: Fix pedantic C code. 0.59.1 2007-01-16 Mr. Sam * authldaplib.c (l_simple_bind_s): Fix anon binds. 0.59 2006-12-30 Lars Timmann * Makefile.am: Fixes for Solaris's linker. 2006-10-28 Mr. Sam * Ported code to gcc 4.1.1 * Ported authldap to openldap 2.3.27 2006-09-17 Chris Petersen - Make the spec a little prettier - Replace BuildPreReq with BuildRequires - Remove period from summaries (rpmlint) - Fix release tag to use %{?dist} macro if it's present - Change distro-detection to use "rh" and "fc" for version detection, and add support for mandriva 2006-06-01 kabe@sra-tohoku.co.jp * authldaplib.c (auth_ldap_enumerate): Fix LDAP account enumeration 2006-05-28 Mr. Sam * all: Fix many compiler warnings. 2006-03-25 Rui Lopes * userdb/makeuserdb.in: Added the -f option to makeuserdb 2006-02-23 Mr. Sam * authldaplib.c (authldap_read_config): Fix up an error message. 2006-01-30 Mr. Sam * authldaplib.c: Try to recover when the LDAP server closes the persistent socket, for inactivity. 2006-01-21 Mr. Sam * configure.in: Fix libtool 1.9 breakage. * Makefile.am: Ditto * courier-authlib spec file (BuildRequires): Demand /usr/include/ltdl.h * authdaemonlib.c (s_connect): Fix compiler warning. * authdaemond.c (start): Ditto. * authsaslclientcram.c (authsaslclient_cram): Ditto. * libhmac/hmac.c (dohashkey): Ditto. 0.58 2005-12-08 Mr. Sam * authpam.c (dopam): Re-enable pam_acct_mgmt hook. 2005-11-16 Mr. Sam * preauthshadow.c: Add support for shadow password expiration -- based on Krzysztof Oledzki 's patch. 2005-10-04 Brian Candler * authdaemonrc.in (LOGGEROPTS): Add a section for LDAP environment variable options. 2005-09-30 Mr. Sam * authdaemonlib.c (opensock): Configurable daemon socket timeout, based on a patch by Rodrigo Salinas . 2005-09-30: Michael Richard * authldaplib: Replace LDAP_SERVER and LDAP_PORT settings with LDAP_URI, which obsoletes LDAP_TLS. 2005-09-18 Mr. Sam * authldaplib.c (auth_ldap_do2): Fix LDAP error checking. 2005-09-03 Mr. Sam * authinfo.c (getmgid): Fix misleading error message. 2005-08-10 "Johnny C. Lam" * authpipelib.c: Include sys/time.h 0.57 2005-07-16 Mr. Sam * configure.in: Update to automake 1.9, autoconf 2.59, libtool 1.5.6. 2005-07-12 Mr. Sam * authlib: create the authtest and authpasswd manual pages. 2005-07-09 Mr. Sam * authldaplib.c (auth_ldap_do3): Fix call of authcryptpasswd(). * authpgsqllib.c (auth_pgsql_setpass): Ditto. * authmysqllib.c (auth_mysql_setpass): Ditto. * cryptpassword.c (authcryptpasswd): Fix handling of encryption hints. * checkpassword.c (do_authcheckpassword): Ignore {CRYPT} prefix on crypted passwords. * checkpasswordsha1.c (authcheckpasswordsha1): Fix {SHA256} passwords. * authmysqllib.c (auth_mysql_setpass): Fix a memory leak. 2005-07-06 Willi Mann * authdaemond.c: Strip full name/gecos field after the first comma. 2005-07-04 Brian Candler * liblog/logger.c: Fix wrong args to setuidgid(). * README_authlib.sgml: Document updated authpipe protocol. * authdaemond: Pass LOGGEROPTS option to authdaemond. 2005-07-02 Mr. Sam * liblog/logger.c: Added -droproot option to courierlogger. * liblock/lockdaemon.c: Try to recover if upgraded daemon process runs under a different uid. 2005-07-01 Brian Candler * Changed -uid and -gid options to -user and -group for consistency with couriertcpd. Change them to affect courierlogger itself, after it has spawned any child. * Optional default domain for authentication requests. 2005-07-02 Mr. Sam * Makefile.am: Refactor the linking process to make it more portable. 2005-06-30 Brian Candler * authdaemon.c (auth_generic): Silly bug in auth_generic(). * authpipe: more fixes to the authpipe module. 2005-05-14 Christian Loitsch * authpipe: various fixes to the authpipe module. 0.56 2005-05-08 Mr. Sam * courier-authlib.sysvinit: Remove lockfile after stop. 2005-04-07 Mr. Sam * authpipe.c (auth_pipe_pre): Fix zombies created by the authpipe module. 2005-03-20 Christian Loitsch * New authpipe authentication module. 2005-03-20 Brian Candler * Fix the error code when an empty password is provided. * authldap.schema: Add mailhost to the recommended LDAP schema. 0.55 2005-03-02 Mr. Sam * authsystem.passwd.in: Explicitly set LC_ALL to en_US 2005-02-20 Mr. Sam * SASL: Added CRAM-SHA256 authentication method (experimental). 2005-02-19 Mr. Sam * courierauthdebug.h: Macro dprintf conflicts with new glibc. 0.54 2005-01-31 Mr. Sam * authmigrate.in (rc): Fix - userdb file does not have to have a leading ##VERSION 2005-01-19 Brian Candler * userdb/makeuserdb.in: Report dangling symlinks. 0.53 2005-01-11 Mr. Sam * configure.in: Typo fix. 2005-01-05 Mr. Sam * Makefile.am (uninstall-hook): pw2userdb was not being installed. 0.52 2005-01-01 Mr. Sam * configure.in: Fix gdbm/bdb check. Try to autoprobe for Solaris linker. 2004-12-05 Mr. Sam * configure.in: Fix courierauthconfig --cppflags, new option to the configure script: --without-stdheaderdir 2004-12-03 Mr. Sam * courierauthconfig: --version prints package version. --version=V print "yes" if package version is at least V. 2004-12-01 Mr. Sam * liblog/logger.c: Added -uid and -gid options to courierlogger. 2004-11-29 Brian Candler * authldaplib.c: Use persistent connections for authenticated binds when using LDAPv3. Use the LDAP_OPT_NETWORK_TIMEOUT setting, initialized from the configuration file, if provided (OpenLDAP). If using authenticated binds, a password change is done under the user's credentials, instead of the admin's. 2004-11-24 Brian Candler * README.authdebug.html: document temporary failure messages. 2004-11-24 Mr. Sam * courier-authlib.spec.in: Move the userdb scripts in sbindir from main package to the userdb subpackage. 2004-11-24 Brian Candler * authuserdb.c: Fix error handling in userdb CRAM. * userdb-test-cram-md5: Helper script for verifying C/R authentication. 2004-11-20 Brian Candler * Additional debug messages. 2004-11-13 Brian Candler * mysql/pgsql fixes; other misc fixes 2004-11-16 Mr. Sam * configure.in: Fix mysql/pgslq autodetection 2004-11-13 Brian Candler * authdaemond: Fix bug in account enumeration function. * authdaemond: Return individual account options when enumerating accounts. Affects mysql, ldap, pgsql modules. mysql and pgsql enumeration filter must now return one more column. Added an ldap enumeration filter. New option to authenumerate, -o, includes account options in the output. New option, -s, suppressed accounts that have the disableshared option set. * authmysql, authpgsql: Additional debugging. * authmysql, authpgsql, authldap: Replaced enumeration function, more efficient memory usage with large accounts. * authldap: Suggested account schema has uid and gid optional, because global uid and gids may be set in authldaprc instead. * authvchkpw: Fix vpopmail compilation. 2004-11-10 Mr. Sam * configure.in: Do not disable mysql + pgsql if vchkpw lib was found. 2004-11-09 Brian Candler * authdaemond.c: New DEFAULTOPTIONS setting. 2004-11-04 Mr. Sam * authdaemonlib.c (s_connect): Wait for connection to authdaemond only if async connect() failed with EINPROGRESS. 2004-11-03 Mr. Sam * Makefile.am (SUBDIRS): Ok, only build in bdbobj/gdbmobj according to what autoconf finds. * authldaplib.c (auth_ldap_do3): Fix LDAP driver. 2004-11-03 Brian Candler * Makefile.am: Fixes. 2004-10-30 Mr. Sam * authinfo.c: Added mailuid= and mailgid= 2004-10-21 Mr. Sam * Makefile.am (libcourierauthsaslclient_la_SOURCES): Factored out SASL client support into libcourierauthsaslclient.la 2004-10-21 Brian Candler * Makefile.am: Fixes. 2004-10-16 Mr. Sam * authldap.schema: Added disableimap, disablepop3, disablewebmail, and sharedgroup. 2004-10-07 Mr. Sam * authsyschangepwd.c (dochangepwd): Do not reset the environment before exec-ing expect. 2004-10-04 Mr. Sam * Merged authuserdb with authcram. Fixed CRAM password changes. Do not reset the environment before exec-ing userdb and makeuserdb.