diff --git a/.cvsignore b/.cvsignore index 60ab17c..469958e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,4 +1,4 @@ -dovecot-1.1.1.tar.gz -dovecot-1.1.1.tar.gz.sig dovecot-sieve-1.1.5.tar.gz dovecot-sieve-1.1.5.tar.gz.sig +dovecot-1.1.2.tar.gz +dovecot-1.1.2.tar.gz.sig diff --git a/dovecot-1.1-default-settings-passwd.patch b/dovecot-1.1-default-settings-passwd.patch new file mode 100644 index 0000000..eff8247 --- /dev/null +++ b/dovecot-1.1-default-settings-passwd.patch @@ -0,0 +1,11 @@ +--- dovecot-1.1.2/dovecot-example.conf.passwd 2008-07-29 14:30:57.000000000 +0200 ++++ dovecot-1.1.2/dovecot-example.conf 2008-07-29 14:32:48.000000000 +0200 +@@ -92,6 +92,8 @@ + + # If key file is password protected, give the password here. Alternatively + # give it when starting dovecot with -p parameter. ++# Security note: if you have this config file world readable, then put the ++# password into /etc/sysconfig/dovecot. + #ssl_key_password = + + # File containing trusted SSL certificate authorities. Set this only if you diff --git a/dovecot.init b/dovecot.init index b9d83af..dfd4d7f 100755 --- a/dovecot.init +++ b/dovecot.init @@ -8,6 +8,7 @@ # description: Dovecot Imap Server # processname: dovecot # config: /etc/dovecot.conf +# config: /etc/sysconfig/dovecot # pidfile: /var/run/dovecot/master.pid ### BEGIN INIT INFO @@ -27,6 +28,10 @@ # Source function library. . /etc/init.d/functions +if [ -f /etc/sysconfig/dovecot ]; then + . /etc/sysconfig/dovecot +fi + RETVAL=0 prog="Dovecot Imap" exec="/usr/sbin/dovecot" @@ -39,7 +44,7 @@ start() { [ -f $config ] || exit 6 echo -n $"Starting $prog: " - daemon --pidfile $pidfile $exec + daemon --pidfile $pidfile $exec $OPTIONS RETVAL=$? [ $RETVAL -eq 0 ] && touch $lockfile echo diff --git a/dovecot.spec b/dovecot.spec index d87b605..dbebede 100644 --- a/dovecot.spec +++ b/dovecot.spec 
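Review bot: In the dovecot.init hunk that sources /etc/sysconfig/dovecot, `OPTIONS` is never given a default, so when the file is absent or leaves the variable commented out, the later `$exec $OPTIONS` uses whatever `OPTIONS` the invoking environment exports. Running the script directly, rather than through a wrapper that cleans the environment, could then hand unintended flags to the daemon. Setting `OPTIONS=""` on the line before `if [ -f /etc/sysconfig/dovecot ]; then` closes that gap. The sourced file is executed as shell code by whoever runs the init script (normally root), which is acceptable only because the spec installs it 0600 root:root; a comment such as `# sourced as shell code; must stay root-owned and not writable by others` above the `.` line would record that dependency.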
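Review bot: On the new `daemon --pidfile $pidfile $exec $OPTIONS` line in start(), a key password supplied as `OPTIONS="-p …"` becomes part of dovecot's argument vector, which any local user can normally read through `ps` or /proc/<pid>/cmdline for as long as the process runs. That would undo most of what the 0600 mode on /etc/sysconfig/dovecot buys, unless dovecot overwrites its argv or `-p` prompts rather than taking a value; neither is visible in this diff, so it should be confirmed before shipping the example in dovecot.sysconfig. If the exposure is real, keeping the secret in a root-only file that dovecot reads itself avoids it. Separately, `$OPTIONS` is expanded unquoted, so a password containing whitespace or glob characters is split or expanded; a comment such as `# $OPTIONS is intentionally unquoted; values must not contain whitespace or glob characters` would document that limit. start() begins and ends outside the hunk.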
@@ -1,8 +1,8 @@ Summary: Dovecot Secure imap server Name: dovecot Epoch: 1 -Version: 1.1.1 -Release: 2%{?dist} +Version: 1.1.2 +Release: 1%{?dist} License: MIT and LGPLv2 and BSD with advertising Group: System Environment/Daemons @@ -26,10 +26,12 @@ Source5: migrate-users Source6: perfect_maildir.pl Source7: dovecot-REDHAT-FAQ.txt Source8: http://dovecot.org/releases/sieve/%{sieve_name}-%{sieve_version}.tar.gz +Source9: dovecot.sysconfig Patch1: dovecot-1.1-default-settings.patch Patch2: dovecot-1.0.beta2-mkcert-permissions.patch # local filesystem rules Patch3: dovecot-1.0.rc7-mkcert-paths.patch +Patch4: dovecot-1.1-default-settings-passwd.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel, pam-devel, zlib-devel @@ -148,6 +150,7 @@ This package provides the development files for dovecot. %patch1 -p1 -b .default-settings %patch2 -p1 -b .mkcert-permissions %patch3 -p1 -b .mkcert-paths +%patch4 -p1 -b .passwd %if %{build_sieve} %setup -q -D -T -a 8 @@ -208,6 +211,9 @@ install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/dovecot mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig +install -p -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot + # generate ghost .pem file mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs mkdir -p $RPM_BUILD_ROOT%{ssldir}/private @@ -303,7 +309,8 @@ fi %files -f libs.filelist %defattr(-,root,root,-) %doc %{docdir}-%{version} -%attr(0640,dovecot,mail) %config(noreplace) %{_sysconfdir}/dovecot.conf +%config(noreplace) %{_sysconfdir}/dovecot.conf +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot %{_initrddir}/dovecot %config(noreplace) %{_sysconfdir}/pam.d/dovecot %dir %{ssldir} 
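Review bot: In the %files hunk, dropping `%attr(0640,dovecot,mail)` from dovecot.conf leaves its mode to `%defattr(-,root,root,-)` and whatever the install step set, so the file presumably becomes world readable, as the new comment patched into dovecot-example.conf anticipates. Installations that already have `ssl_key_password` set in dovecot.conf get no warning, and how rpm treats the mode of a kept `%config(noreplace)` file on upgrade should be checked before assuming the old 0640 survives. A %post check that warns when an uncommented `ssl_key_password` is found in a world-readable dovecot.conf, or at least an explicit line in the changelog and the REDHAT-FAQ, would cover those systems. A comment above the entry such as `# dovecot.conf is meant to be world readable (#445200); secrets belong in /etc/sysconfig/dovecot` would also stop a later packager from putting a password back there.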
@@ -369,6 +376,10 @@ fi %changelog +* Tue Jul 29 2008 Dan Horak - 1:1.1.2-1 +- update to upstream version 1.1.2 +- final solution for #445200 (put the password into /etc/sysconfig/dovecot) + * Fri Jun 27 2008 Dan Horak - 1:1.1.1-2 - update default settings to listen on both IPv4 and IPv6 instead of IPv6 only diff --git a/dovecot.sysconfig b/dovecot.sysconfig new file mode 100644 index 0000000..ff58b60 --- /dev/null +++ b/dovecot.sysconfig @@ -0,0 +1,5 @@ +# Here you can specify the password for your SSL certificates +# so the main config file can be world readable. Other command +# line options can be specified too. +# +#OPTIONS="-p my_certificate_password" diff --git a/sources b/sources index c10d737..68457b7 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -239072365e4fc35b8a7162f841cb07c9 dovecot-1.1.1.tar.gz -ac726ebee281c879f6dc183d1919a67c dovecot-1.1.1.tar.gz.sig b4362defe3fc18865db8cf8e1c940b13 dovecot-sieve-1.1.5.tar.gz 0fdb01f9fd960fbd5a8271584ac62cb8 dovecot-sieve-1.1.5.tar.gz.sig +fcebb6c099421049632b2f1f019f55cd dovecot-1.1.2.tar.gz +52cacb5d0f7b597392532b181d3875f7 dovecot-1.1.2.tar.gz.sig
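Review bot: The example `#OPTIONS="-p my_certificate_password"` in dovecot.sysconfig does not say that the file is sourced as shell by the dovecot init script, so inside double quotes a password containing `$`, a backquote or a backslash is rewritten by the shell before dovecot sees it. Single quotes in the example, `#OPTIONS='-p my_certificate_password'`, avoid that. A header line such as `# This file is sourced by the dovecot init script; keep it mode 0600 and owned by root` would tell the admin both the syntax rules and why the permissions matter.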