diff options
| author | wiedi <wiedi> | 2016-03-02 20:13:18 +0000 |
|---|---|---|
| committer | wiedi <wiedi> | 2016-03-02 20:13:18 +0000 |
| commit | 91f044e8adda8e17c102838cd6a6caea2c5a956a (patch) | |
| tree | db228286c02e62c28e9279d6f3c360a05903c085 /mail | |
| parent | c1391184180e82fc85e764bb111bbec299651a44 (diff) | |
| download | pkgsrc-91f044e8adda8e17c102838cd6a6caea2c5a956a.tar.gz | |
Update mail/exim and mail/exim-html to 4.86.2
Exim version 4.86.2
-------------------
Portability relase of 4.86.1
Exim version 4.86.1
-------------------
HS/04 Add support for keep_environment and add_environment options.
This fixes CVE-2016-1531.
All installations having Exim set-uid root and using 'perl_startup' are
vulnerable to a local privilege escalation. Any user who can start an
instance of Exim (and this is normally *any* user) can gain root
privileges. If you do not use 'perl_startup' you *should* be safe.
New options
-----------
We had to introduce two new configuration options:
keep_environment =
add_environment =
Both options are empty per default. That is, Exim cleans the complete
environment on startup. This affects Exim itself and any subprocesses,
as transports, that may call other programs via some alias mechanisms,
as routers (queryprogram), lookups, and so on. This may affect used
libraries (e.g. LDAP).
** THIS MAY BREAK your existing installation **
If both options are not used in the configuration, Exim issues a warning
on startup. This warning disappears if at least one of these options is
used (even if set to an empty value).
keep_environment should contain a list of trusted environment variables.
(Do you trust PATH?). This may be a list of names and REs.
keep_environment = ^LDAP_ : FOO_PATH
To add (or override) variables, you can use add_environment:
add_environment = <; PATH=/sbin:/usr/sbin
New behaviour
-------------
Now Exim changes it's working directory to / right after startup,
even before reading it's configuration. (Later Exim changes it's working
directory to $spool_directory, as usual.)
Exim only accepts an absolute configuration file path now, when using
the -C option.
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/exim-html/Makefile | 4 | ||||
| -rw-r--r-- | mail/exim-html/distinfo | 10 | ||||
| -rw-r--r-- | mail/exim/Makefile | 4 | ||||
| -rw-r--r-- | mail/exim/distinfo | 10 |
4 files changed, 14 insertions, 14 deletions
diff --git a/mail/exim-html/Makefile b/mail/exim-html/Makefile index c54e9a87c18..21e7c1bb793 100644 --- a/mail/exim-html/Makefile +++ b/mail/exim-html/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.30 2016/01/11 08:35:31 adam Exp $ +# $NetBSD: Makefile,v 1.31 2016/03/02 20:13:18 wiedi Exp $ -DISTNAME= exim-html-4.86 +DISTNAME= exim-html-4.86.2 CATEGORIES= mail net MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \ ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/ \ diff --git a/mail/exim-html/distinfo b/mail/exim-html/distinfo index 459ce68a57d..005a8904a3d 100644 --- a/mail/exim-html/distinfo +++ b/mail/exim-html/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.25 2016/01/11 08:35:31 adam Exp $ +$NetBSD: distinfo,v 1.26 2016/03/02 20:13:18 wiedi Exp $ -SHA1 (exim-html-4.86.tar.bz2) = 774af2ee4caeff6c1332da986b13b45607578600 -RMD160 (exim-html-4.86.tar.bz2) = 2dd9aac0a72386fc26afa9c3d49e9aa901fc52af -SHA512 (exim-html-4.86.tar.bz2) = 0c15fbccaf9b744fb8b7990d2b2bd0555a04ef5ed82ffbf2e32372a539bae6d7cebad96960f5570a2f8f27d31ebdf2467c51cb053b059996bb9122bc02fa741b -Size (exim-html-4.86.tar.bz2) = 471159 bytes +SHA1 (exim-html-4.86.2.tar.bz2) = 9b55e69787cf1f9ef233fd762736bb4541773bb4 +RMD160 (exim-html-4.86.2.tar.bz2) = bf077ceaed3c0763d0ef93e2a7ee455a714db195 +SHA512 (exim-html-4.86.2.tar.bz2) = 593df23914939f8fa76c15a2ab7fc197efa05fcbb984179c9dc2c7d535fe2bef1394c07bc8449f2219f54615ff2f4ee13b76409d89b846dc71e54880681c913e +Size (exim-html-4.86.2.tar.bz2) = 466139 bytes diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 41a43bfd02e..f41428bc1d9 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.142 2016/01/10 20:55:56 bsiegert Exp $ +# $NetBSD: Makefile,v 1.143 2016/03/02 20:13:18 wiedi Exp $ -DISTNAME= exim-4.86 +DISTNAME= exim-4.86.2 CATEGORIES= mail net MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \ http://dl.ambiweb.de/mirrors/ftp.exim.org/exim/exim4/ diff --git a/mail/exim/distinfo b/mail/exim/distinfo index 089348c7b56..aaf281b2d9c 100644 --- a/mail/exim/distinfo +++ b/mail/exim/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.63 2016/01/10 20:55:56 bsiegert Exp $ +$NetBSD: distinfo,v 1.64 2016/03/02 20:13:18 wiedi Exp $ -SHA1 (exim-4.86.tar.bz2) = 5e2c2e5fcc83646e7d7dd308f1d13da0e49db924 -RMD160 (exim-4.86.tar.bz2) = bbcf683eb1397f350ff5b8789869ad8c34ff28ea -SHA512 (exim-4.86.tar.bz2) = 0b90cd1b4d99bbb976336ccf9c2c3375f453a74bb306f1b0215f7ecca80fbda83cf5cc38c502516c2903c5d753f1f559c534fc4f4b1b32ee3300db86de6610ab -Size (exim-4.86.tar.bz2) = 1804807 bytes +SHA1 (exim-4.86.2.tar.bz2) = 539cb2edc784d439cae8f95940e9eff847e2695d +RMD160 (exim-4.86.2.tar.bz2) = 06790977ad50fb19548826631df904d6bda62a83 +SHA512 (exim-4.86.2.tar.bz2) = 5869a7ae8fd66819f654f6617c7e77075a24b110074317b77135b8cc86f12632e79758d41819c6e91871e0145adaba4b91651f5c6c1d2ebd17927f0198876231 +Size (exim-4.86.2.tar.bz2) = 1799316 bytes SHA1 (patch-aa) = 4df21c2497e9fee8dfbcd4386bb1b70d69ca2932 SHA1 (patch-ab) = 6af17f036ed02a3bc37c1f303269eea447fcb691 SHA1 (patch-ae) = 7daf63727e222bbaa7e5b8289c4fcb6a8c0272cf |