around a CVS bug. Also add some missing options to usage() and help()
and alphabetize them properly, and show the usage string if no arguments
were specified on the command line.
was happening if the static structures were used, but not when the
tlsChannelType structure was created on the fly (as is needed for use
with different versions of TCL). Bump up the PORTREVISION.
clash with other binutils ports for different targets, and are not
needed to be installed at all.
PR: ports/27347 (although with a different approach than suggested)
v2.108 Released May 07, 2001 17:10 (PST)
- try to avoid deadlock in LogBounces() by setting a timeout on
the OpenDB() call
- add config parameter "umask"
[suggested by gshapiro@gshapiro.net]
- don't set Reply-To: header in NewPending()
[suggested by gshapiro@gshapiro.net]
- "mailqueue" is now restricted by the "memberlist" command
[suggested by gshapiro@gshapiro.net]
- make use of the "domain" setting on preselected lists using the
mail interface
[requested by gshapiro@gshapiro.net]
- trim spaces off of possible signature terminators in
IdentifyMessage()
[suggested by gshapiro@gshapiro.net]
- LIBMSK: reimplement Absolute()
The following resulted from a code audit by Greg Shapiro of
Sendmail, Inc. <gshapiro@gshapiro.net>, whose help is greatly
appreciated:
- SECURITY: shed privileges when -C is used on the command line
- SECURITY: add a popen() wrapper to shed privileges when the command
being executed isn't sendmail
- SECURITY: bounce requests or mail referring to addresses containing
bogus characters, to prevent remote attacks
- SECURITY: add some boundary checking in a few places I'd missed
- SECURITY: be paranoid and call sendmail with "--" before
arguments provided remotely to prevent remote attacks
- SECURITY: verify access permissions with lm_access() to prevent
unauthorized file giveaways and overwrites
- SECURITY: be pedantic about list names to prevent nasty operations
- SECURITY: add and begin using lm_safefopen()
* Portlint and clean up some style bugs
* Replace a hand-rolled configure script with pre/post-configure and
GNU_CONFIGURE (side-effect is to respect CC and CFLAGS in the build
instead of using -O2)
* respect the value of INSTALL_SCRIPT so the installation doesn't bomb out
when we pass in INSTALL_PROGRAM as well
* allow automatic packaging (the MANUAL_PACKAGE_BUILD) seems to be a hold-
over from several years ago before package builds were done separately.
Approved by: jmz (maintainer)
