pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/38349: Security update of policyd-weight to

>Number:         38349
>Category:       pkg
>Synopsis:       Security update of policyd-weight to
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 31 13:20:00 +0000 2008
>Originator:     Bartosz Kuzma
>Release:        4.0
Changes since

0.1.14 beta-17

- (security)  Using File::Spec->canonpath for normalization (trailing slashes)
              Check ownership of real directories to avoid race attacks
              for symlinks.
              Thanks to Robert Buchholz.        

0.1.14 beta-16 (not released)

- (security)  The check for symlinked directories was half complete.
              perl ignores -l if the argument has a trailung slash.
              Thanks to Andrej Kacian.

0.1.14 beta-15

- (security)  $LOCKPATH and its contents weren't checked for being
              a symlink which. Thanks to Chris Howells and Andrej Kacian.

- (fix)       "dedicated" added to the exclusion list for dialup
              checks. A better approach would be to let the user
              configure dialup and exclude patterns.

0.1.14 beta-14

- (change) link changed to

- (change)    results with 'rc:' as action are not cached

- (fix)       regexp check for dynamic helo/client did hit also some
              clients with "static"

- (fix)       helo numeric check was too fuzzy.

- (fix)       master didn't read config after policyd-weight reload

- (fix)       HELO_SEEMS_DIALUP may have scored even if the IP is listed
              for the sender domain.

- (fix)       An interrupt of policyd-weight -s may cause a SIGPIPE
              which killed the cache

- (change)    Implemented $NS list. Useful for users with split
              horizon DNS

- (fix)       don't cache rejections which were deferred (4xx and friends)

- (fix)       helo_numeric_score didn't catch [n.n.n.n] helos

- (fix)       Header was not included if $dnsbl_checks_only = 1; and
              $ADD_X_HEADER = 1; - Thanks to J. Genannt

- (fix)       Corrected handling of [n.n.n.n] HELOs and address-literals
              as sender (long standing issue)

- (change)    Introduced @dnsbl_checks_only_regexps in order to skip
              DNS checks for certain client hostnames

- (change)    Added -D (Don't detach) switch for daemon-tools/runit users

- (change)    Added signals handlers for most of signals so that they are
              at least logged, also, provide a perl backtrace.

- (change)    prerequisite steps for providing coredumps (build coredump
              directories, chdir) - coredumps are non-trivial:
              we start as root, change uid. At this moment coredumps
              are denied by kernel in order to protect root-data. The only 
              workaround would be, to start cache and master via system() 
              after changing uid

- (change)    In daemon mode wrongly crafted policy requests don't lead
              to a child-exit anymore, only the connection is closed

- (change)    log-facilities other than 'info' are now mentioned in log-lines

- (change)    SMTP information such as client, helo, sender and to are now
              logged in each log-message. If $DEBUG is set this also logs
              the instance variable.

- (fix)       rbl_lookup used sometimes 65536 as packet id which appeared
              to cause problems

- (fix)       Check for syslog absence. If syslog is not available then
              log temporarily to $LOCKPATH/polw-emergency.log

- (tmpfix)    Introduced $TRY_BALANCE which closes connections to smtpds after
              they got their response in order to avoid too many established
              smtpd->policyd-weight (child) connections.

Index: Makefile
RCS file: /cvsroot/pkgsrc/mail/policyd-weight/Makefile,v
retrieving revision
diff -r1.1.1.1 Makefile
< DISTNAME=             policyd-weight-
> DISTNAME=             policyd-weight-
Index: distinfo
RCS file: /cvsroot/pkgsrc/mail/policyd-weight/distinfo,v
retrieving revision
diff -r1.1.1.1 distinfo
< SHA1 (policyd-weight- = 
< RMD160 (policyd-weight- = 
< Size (policyd-weight- = 50043 bytes
> SHA1 (policyd-weight- = 
> 8b260869cc0206ba72f750d57df24df1de905a08
> RMD160 (policyd-weight- = 
> c668feedab8d4df85502eb0258f0924b20c1fcbb
> Size (policyd-weight- = 54942 bytes

Home | Main Index | Thread Index | Old Index