Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by www.NetBSD.org (Postfix) with ESMTP id C914663B873 for ; Thu, 27 Jan 2011 07:48:56 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 9A9DD19CEA2; Thu, 27 Jan 2011 07:48:56 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 57F2319CE9E for ; Thu, 27 Jan 2011 07:48:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id tULvr0137Xb1 for ; Thu, 27 Jan 2011 07:48:53 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id ED4C019CE7F for ; Thu, 27 Jan 2011 07:48:52 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id C04C9175DD; Thu, 27 Jan 2011 07:48:52 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Date: Thu, 27 Jan 2011 07:48:52 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/mail To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20110127074852.C04C9175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: adam Date: Thu Jan 27 07:48:52 UTC 2011 Modified Files: pkgsrc/mail/exim: Makefile distinfo pkgsrc/mail/exim-html: Makefile distinfo Log Message: Changes 4.74: * Failure to get a lock on a hints database can have serious consequences so log it to the panic log. * Log LMTP confirmation messages in the same way as SMTP, controlled using the smtp_confirmation log selector. * Include the error message when we fail to unlink a spool file. * Bugzilla 139: Support dynamically loaded lookups as modules. * Bugzilla 139: Documentation and portability issues. Avoid GNU Makefile-isms, let Exim continue to build on BSD. Handle per-OS dynamic-module compilation flags. * Let /dev/null have normal permissions. The 4.73 fixes were a little too stringent and complained about the permissions on /dev/null. Exempt it from some checks. * Report version information for many libraries, including Exim version information for dynamically loaded libraries. Created version.h, now support a version extension string for distributors who patch heavily. Dynamic module ABI change. * CVE-2011-0017 - check return value of setuid/setgid. This is a privilege escalation vulnerability whereby the Exim run-time user can cause root to append content of the attacker's choosing to arbitrary files. * Bugzilla 1041: merged DCC maintainer's fixes for return code. * Bugzilla 1071: fix delivery logging with untrusted macros. If dropping privileges for untrusted macros, we disabled normal logging on the basis that it would fail; for the Exim run-time user, this is not the case, and it resulted in successful deliveries going unlogged. To generate a diff of this commit: cvs rdiff -u -r1.104 -r1.105 pkgsrc/mail/exim/Makefile cvs rdiff -u -r1.47 -r1.48 pkgsrc/mail/exim/distinfo cvs rdiff -u -r1.19 -r1.20 pkgsrc/mail/exim-html/Makefile cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/exim-html/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.