pkgsrc-Changes archive


CVS commit: pkgsrc/mail



Module Name:    pkgsrc
Committed By:   wiedi
Date:           Wed Mar  2 20:13:18 UTC 2016

Modified Files:
        pkgsrc/mail/exim: Makefile distinfo
        pkgsrc/mail/exim-html: Makefile distinfo

Log Message:
Update mail/exim and mail/exim-html to 4.86.2

Exim version 4.86.2
-------------------
Portability release of 4.86.1

Exim version 4.86.1
-------------------
HS/04 Add support for keep_environment and add_environment options.
      This fixes CVE-2016-1531.

All installations having Exim set-uid root and using 'perl_startup' are
vulnerable to a local privilege escalation. Any user who can start an
instance of Exim (and this is normally *any* user) can gain root
privileges. If you do not use 'perl_startup' you *should* be safe.

New options
-----------

We had to introduce two new configuration options:

   keep_environment =
   add_environment =

Both options are empty per default. That is, Exim cleans the complete
environment on startup. This affects Exim itself and any subprocesses,
as transports, that may call other programs via some alias mechanisms,
as routers (queryprogram), lookups, and so on. This may affect used
libraries (e.g. LDAP).

** THIS MAY BREAK your existing installation **

If both options are not used in the configuration, Exim issues a warning
on startup. This warning disappears if at least one of these options is
used (even if set to an empty value).

keep_environment should contain a list of trusted environment variables.
(Do you trust PATH?). This may be a list of names and REs.

   keep_environment = ^LDAP_ : FOO_PATH

To add (or override) variables, you can use add_environment:

   add_environment = <; PATH=/sbin:/usr/sbin

New behaviour
-------------

Now Exim changes its working directory to / right after startup,
even before reading its configuration. (Later Exim changes its working
directory to $spool_directory, as usual.)

Exim only accepts an absolute configuration file path now, when using
the -C option.


To generate a diff of this commit:
cvs rdiff -u -r1.142 -r1.143 pkgsrc/mail/exim/Makefile
cvs rdiff -u -r1.63 -r1.64 pkgsrc/mail/exim/distinfo
cvs rdiff -u -r1.30 -r1.31 pkgsrc/mail/exim-html/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/mail/exim-html/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
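
An added example, not part of the commit message or of Exim's own code: a simplified Python model of the environment cleaning described above, useful for checking which variables a given keep_environment / add_environment pair would leave in place. The function names and the sample environment are constructed for illustration, and the matching rules (regex for items starting with '^', exact case-sensitive name otherwise) are an assumption of this model.

```python
import re

def split_exim_list(value, default_sep=":"):
    """Split an Exim-style list. A leading '<c' switches the separator to c.
    Simplification: doubled separators (a literal separator) are not handled."""
    value = value.strip()
    sep = default_sep
    if len(value) >= 2 and value[0] == "<":
        sep, value = value[1], value[2:]
    return [item.strip() for item in value.split(sep) if item.strip()]

def filter_environment(env, keep_environment="", add_environment=""):
    """Return the environment left after cleaning, as a new dict."""
    keep = split_exim_list(keep_environment)
    result = {}
    for name, value in env.items():
        for item in keep:
            # Items starting with '^' are treated as regular expressions,
            # anything else as an exact, case-sensitive name (model assumption).
            if (item.startswith("^") and re.search(item, name)) or item == name:
                result[name] = value
                break
    # add_environment entries are NAME=value and override kept variables.
    for assignment in split_exim_list(add_environment):
        name, _, value = assignment.partition("=")
        result[name] = value
    return result

# Constructed sample environment of the invoking user (not from the page).
SAMPLE_ENV = {
    "PATH": "/home/user/bin:/usr/bin",
    "HOME": "/home/user",
    "LDAP_CONF": "/etc/ldap.conf",
    "FOO_PATH": "/opt/foo",
    "MY_LDAP_X": "1",          # does not start with LDAP_, so '^LDAP_' skips it
    "FOO_PATH_EXTRA": "x",     # not an exact match for FOO_PATH
}

if __name__ == "__main__":
    settings = [("", ""), ("^LDAP_ : FOO_PATH", "<; PATH=/sbin:/usr/sbin")]
    for keep, add in settings:
        print(repr(keep), repr(add), "->",
              filter_environment(SAMPLE_ENV, keep, add))
```
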



