Changelog is at
http://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74
Please, note that CVE-2011-0017 is not applicable to FreeBSD,
because setuid() doesn't check RLIMIT_NPROC.
Also fixed the periodic script for tidying the databases: now it won't
produce errors if the lockfile is here, but the actual database file
is gone. [2]
And finally, synced the mirror list to the current one and
pruned old unusable mirrors:
- ftp.csx.cam.ac.uk: not synced anymore;
- www.no.exim.org: no DNS record;
- ftp.demon.nl: no longer mirrors Exim;
- ftp.freenet.de: mirror of ftp.csx.cam.ac.uk;
- ftp.esat.net: not synced anymore;
- ftp.mirrorservice.org: mirror of ftp.csx.cam.ac.uk.
Feature safe: yes
PR: 154323 [1]
Submitted by: Geraint Edwards <gedge@yadn.org> [2],
Alexander Wittig <alexander@wittig.name> [1]
Approved by: erwin (mentor), renato (mentor)
There was an extra '=' sign at the sed substitution
pattern that affected users of make-only options
TRUSTED_CONFIG_LIST and WHITELIST_D_MACROS: Exim
binary won't build if any of these options is set.
Spotted by: tdb
Pointyhat to: rea
Approved by: erwin (mentor)
Most notably, this version fixes local exim -> root escalation,
CVE-2010-4345.
Port had also gained configurable knob for disabling -D option
and make variables TRUSTED_CONFIG_LIST and WHITELIST_D_MACROS
to fine tune the behaviour of options -C and -D.
New items are documented at
ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.73
Changelog is available at
ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.73
Security: e4fcf020-0447-11e0-becc-0022156e8794 / CVE-2010-4345
PR: 152963 [1], 153711 [2]
Submitted by: Alexander Wittig <alexander@wittig.name> [1]
Approved by: garga (mentor)
The changes from the previous release are:
1. TWO SECURITY FIXES: one relating to mail-spools which are
globally writable, the other to locking of MBX folders (not mbox).
These have CVE identifiers CVE-2010-2023 and CVE-2010-2024
2. MySQL stored procedures are now supported.
3. The dkim_domain transport option is now a list, not a single
string, and messages will be signed for each element in the list
(discarding duplicates).
4. The 4.70 release unexpectedly changed the behaviour of dnsdb TXT
lookups in the presence of multiple character strings within
the RR. Prior to 4.70, only the first string would be returned.
The dnsdb lookup now, by default, preserves the pre-4.70
semantics, but also now takes an extended output separator
specification. The separator can be followed by a semicolon, to
concatenate the individual text strings together with no join
character, or by a comma and a second separator character, in
which case the text strings within a TXT record are joined on
that second character. Administrators are reminded that DNS
provides no ordering guarantees between multiple records in an
RRset. For example:
foo.example. IN TXT "a" "b" "c"
foo.example. IN TXT "d" "e" "f"
${lookup dnsdb{>/ txt=foo.example}} -> "a/d"
${lookup dnsdb{>/; txt=foo.example}} -> "def/abc"
${lookup dnsdb{>/,+ txt=foo.example}} -> "a+b+c/d+e+f"
PR: ports/147686
Submitted by: Alexey V.Degtyarev <alexey@renatasystems.org>
good messages per day for any mailhost. It is to note: 1024 - it is
not the total amount of messages scanned but the only good ones,
which aren't considered as spam. Once 1024 good messages get passed
through the filter, the rest of mail traffic will be passed without
considering spam or ham until the end of the day.
http://so.yandex.ru/companies/so1024.xml
The patch allows use of "Spamooborona 1024" with Exim by using
Local_scan()'s functionality provided by Yandex LLC.
PR: ports/146215
Submitted by: Alexey V.Degtyarev <alexey@renatasystems.org>
- Merge all SF mirrors to MASTER_SITE_SOURCEFORGE, resort according to quick download speed survey
- Fix MASTER_SITES for all port that have used SOURCEFORGE_EXTENTED
Approved by: portmgr (pav)
- Bump PORTREVISION for all ports depending on libglut since the shlib
version number went from 4 to 3.
- Bump PORTREVISION for all ports depending on libXaw as libXaw.so.8 isn't
installed anymore.
- Couple of ports fixes (mostly missing xorg components added to USE_XORG).
- Remove USE_XLIB/USE_X_PREFIX/USE_XPM in favor of USE_XORG
- Remove X11BASE support in favor of LOCALBASE or PREFIX
- Use USE_LDCONFIG instead of INSTALLS_SHLIB
- Remove unneeded USE_GCC 3.4+
Thanks to all Helpers:
Dmitry Marakasov, Chess Griffin, beech@, dinoex, rafan, gahr,
ehaupt, nox, itetcu, flz, pav
PR: 116263
Tested on: pointyhat
Approved by: portmgr (pav)
