Date: Mon, 06 Mar 2000 01:24:27 -0800
From: Doug Barton <Doug@gorean.org>
To: ports@freebsd.org, jfitz@freebsd.org
Subject: [Fwd: Majordomo 1.94.5 released -- security and bugfix release]
Message-ID: <38C3794B.7BEB63C7@gorean.org>
I took a look at the upgrade, and it's almost just the change to the version in the makefile and the checksum. The one patch that needs to be changed is patch-sec1. In resend there is the following:

@@ -56,7 +56,7 @@ if ($ARGV[0] =~ /^\@/) { $fn = shift(@ARGV); $fn =~ s/^@//; - open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); + sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); undef($/); # set input field separator $av = <AV>; # read whole file into string close(AV);

This security concern seems to be adequately addressed in the new code:

    open(AV, "< $fn" ) || die("open(AV, \"< $fn\"): $!\nStopped");

Other than that, the patches applied cleanly, although with a little fuzz. I could generate a complete upgrade diff if needed, but it seems like a simple fix...

Doug

-------- Original Message --------
Subject: Majordomo 1.94.5 released -- security and bugfix release
Date: Wed, 19 Jan 2000 16:22:13 +0100 (MET)
From: Chan Wilson <cwilson@neu.sgi.com>
To: majordomo-announce@GreatCircle.COM, majordomo-workers@GreatCircle.COM, majordomo-users@GreatCircle.COM

Majordomo 1.94.5 has been released, another security bugfix release.

Available from ftp.GreatCircle.com and ftp.sgi.com:

    ftp://ftp.greatcircle.com/pub/majordomo/majordomo.tgz
    ftp://ftp.sgi.com/other/majordomo/majordomo.tgz

Thanks to all the volunteers who have produced the patches and made them available to the community.

--Chan

Changes from 1.94.4 to 1.94.5

A straightforward patch release, 99% from the collected 1.94.4 patches:

  o digest_rm_fronter and digest_rm_footer now work.
  o unsubscribe_policy now has +confirm feature
  o More hostile address checking
  o archive2.pl makes archives world readable.
  o bounce had an innocuous y2k bug, and wanted a 'bounces' list password even when called as unsub
  o better description of the moderator function.
  o Fixes 'restrict_post = #!$list' substitution and blank lines in config files
  o Better error reporting when majordomo.cf is wrong.
  o Detects some attachments sent as commands
  o Approve commands can span lines now.
  o resend has better messages for taboo_headers problems
  o fixed: header corruption when Subject: is blank and subject tags are used.

=========================================================================================

archive2.pl.0 ()                 Ensures archives are world readable.
bounce.0 ()                      Bounce script and unsub.
config_parse.pl.1 ()             Another trivial 1.94.4 patch: moderator
config_parse.pl.2 (B)            Fixes 'restrict_post = #!$list' substitution
config_parse.pl.5 (F)            Fixes failing to accept newconfig... (cleaned)
config_parse.pl.6 (B)            Fixes bug when several consecutive blank lines or a trailing blank line appear in a string array
digest-config_parse.pl.1 (F)     Adds the functionality promised by digest_rm_fronter
majordomo-config.1 (F)           +config patches for unsubscribe_policy
majordomo.0b (B+)                Fixes some error messages and minor bugs related to aliasing <listname>-request to invoking majordomo with -l
majordomo.1 (F)                  PATCH: no attachments (was Re: Strange stuff)
majordomo.3 ()                   A minor little patch that cleans up newinfo/newintro
majordomo.6 (F)                  Patch for APPROVE linewraps
majordomo.7 ()                   Work-around for Perl 5.005 problem
majordomo.pl.1 (S+)              Fixes security hole with :include:syslog (untested)
request-answer.0 ()              Request-answer should not reply to mailer-daemon et al
resend.2 (F)                     A nice patch for debugging taboo_headers
resend.5 (B++)                   Fixes header corruption when Subject: is blank and subject tags are used
resend.8 ()                      More headers for the skip headers string
resend_parse.1 ()                Corrected PATCH: moderator behavior

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
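
Review bot: in the patch-sec1 hunk for resend quoted in the message above, the added sysopen(AV, $fn, O_RDONLY) line relies on the O_RDONLY constant, and nothing in the visible context shows where it is imported; the patch should make sure resend loads it, for example with "use Fcntl;" near the top of the script. Two smaller points on the unchanged context in the same hunk: "undef($/);" clears the input record separator for the rest of the program, so a block-scoped "local $/;" around the read would be safer, and the comment calls $/ the "input field separator" when it is the input record separator.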