Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 14 May 2001 23:45:01 -0700 (PDT)
From:      Gregory Neil Shapiro <gshapiro@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/mail/listmanager Makefile distinfo pkg-plist
Message-ID:  <200105150645.f4F6j1D95341@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

gshapiro    2001/05/14 23:45:01 PDT

  Modified files:
    mail/listmanager     Makefile distinfo pkg-plist 
  Log:
  Update to listmanager 2.108 and reenable.
  
  v2.108  Released May 07, 2001 17:10 (PST)
          - try to avoid deadlock in LogBounces() by setting a timeout on
            the OpenDB() call
          - add config parameter "umask"
            [suggested by gshapiro@gshapiro.net]
          - don't set Reply-To: header in NewPending()
            [suggested by gshapiro@gshapiro.net]
          - "mailqueue" is now restricted by the "memberlist" command
            [suggested by gshapiro@gshapiro.net]
          - make use of the "domain" setting on preselected lists using the
            mail interface
            [requested by gshapiro@gshapiro.net]
          - trim spaces off of possible signature terminators in
            IdentifyMessage()
            [suggested by gshapiro@gshapiro.net]
          - LIBMSK: reimplement Absolute()
          The following resulted from a code audit by Greg Shapiro of
          Sendmail, Inc. <gshapiro@gshapiro.net>, whose help is greatly
          appreciated:
          - SECURITY: shed privileges when -C is used on the command line
          - SECURITY: add a popen() wrapper to shed privileges when the command
            being executed isn't sendmail
          - SECURITY: bounce requests or mail referring to addresses containing
            bogus characters, to prevent remote attacks
          - SECURITY: add some boundary checking in a few places I'd missed
          - SECURITY: be paranoid and call sendmail with "--" before
            arguments provided remotely to prevent remote attacks
          - SECURITY: verify access permissions with lm_access() to prevent
            unauthorized file giveaways and overwrites
          - SECURITY: be pedantic about list names to prevent nasty operations
          - SECURITY: add and begin using lm_safefopen()
  
  Revision  Changes    Path
  1.8       +11 -6     ports/mail/listmanager/Makefile
  1.6       +5 -4      ports/mail/listmanager/distinfo
  1.5       +5 -4      ports/mail/listmanager/pkg-plist


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105150645.f4F6j1D95341>