From owner-cvs-all Mon May 14 23:45: 8 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
        by hub.freebsd.org (Postfix) with ESMTP
        id 9FC6637B42C; Mon, 14 May 2001 23:45:01 -0700 (PDT)
        (envelope-from gshapiro@FreeBSD.org)
Received: (from gshapiro@localhost)
        by freefall.freebsd.org (8.11.1/8.11.1) id f4F6j1D95341;
        Mon, 14 May 2001 23:45:01 -0700 (PDT)
        (envelope-from gshapiro)
Message-Id: <200105150645.f4F6j1D95341@freefall.freebsd.org>
From: Gregory Neil Shapiro
Date: Mon, 14 May 2001 23:45:01 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/mail/listmanager Makefile distinfo pkg-plist
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

gshapiro    2001/05/14 23:45:01 PDT

  Modified files:
    mail/listmanager     Makefile distinfo pkg-plist
  Log:
  Update to listmanager 2.108 and reenable.

  v2.108  Released May 07, 2001 17:10 (PST)

  - try to avoid deadlock in LogBounces() by setting a timeout on the
    OpenDB() call
  - add config parameter "umask" [suggested by gshapiro@gshapiro.net]
  - don't set Reply-To: header in NewPending()
    [suggested by gshapiro@gshapiro.net]
  - "mailqueue" is now restricted by the "memberlist" command
    [suggested by gshapiro@gshapiro.net]
  - make use of the "domain" setting on preselected lists using the
    mail interface [requested by gshapiro@gshapiro.net]
  - trim spaces off of possible signature terminators in
    IdentifyMessage() [suggested by gshapiro@gshapiro.net]
  - LIBMSK: reimplement Absolute()

  The following resulted from a code audit by Greg Shapiro of
  Sendmail, Inc., whose help is greatly appreciated:

  - SECURITY: shed privileges when -C is used on the command line
  - SECURITY: add a popen() wrapper to shed privileges when the command
    being executed isn't sendmail
  - SECURITY: bounce requests or mail referring to addresses containing
    bogus characters, to prevent remote attacks
  - SECURITY: add some boundary checking in a few places I'd missed
  - SECURITY: be paranoid and call sendmail with "--" before arguments
    provided remotely to prevent remote attacks
  - SECURITY: verify access permissions with lm_access() to prevent
    unauthorized file giveaways and overwrites
  - SECURITY: be pedantic about list names to prevent nasty operations
  - SECURITY: add and begin using lm_safefopen()

  Revision  Changes    Path
  1.8       +11 -6     ports/mail/listmanager/Makefile
  1.6       +5 -4      ports/mail/listmanager/distinfo
  1.5       +5 -4      ports/mail/listmanager/pkg-plist

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
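Added example, not part of the commit message and not listmanager's code: two of the SECURITY items above (bouncing addresses that contain bogus characters, and passing "--" to sendmail before remotely supplied arguments) combined in one argv builder. The function names and the allow-list of characters are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical validator: conservative allow-list, chosen for this example. */
static int addr_is_safe(const char *addr)
{
    size_t i, len = strlen(addr);
    const char *at = strchr(addr, '@');

    if (len == 0 || len > 254 || addr[0] == '-')
        return 0;                   /* leading '-' would parse as an option */
    if (at == NULL || at == addr || at[1] == '\0' || strchr(at + 1, '@'))
        return 0;                   /* exactly one '@', not at either end */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (!isalnum(c) && strchr("@._+-=", c) == NULL)
            return 0;               /* no metacharacters, spaces, controls */
    }
    return 1;
}

/* Fill argv for execv(); returns argc, or -1 if the request must be bounced. */
static int build_sendmail_argv(const char *rcpts[], size_t n,
                               const char *argv[], size_t cap)
{
    size_t i, argc = 0;

    if (n == 0 || n + 4 > cap)      /* room for 3 fixed args, n rcpts, NULL */
        return -1;
    argv[argc++] = "sendmail";
    argv[argc++] = "-i";
    argv[argc++] = "--";            /* everything after this is an operand */
    for (i = 0; i < n; i++) {
        if (!addr_is_safe(rcpts[i]))
            return -1;
        argv[argc++] = rcpts[i];
    }
    argv[argc] = NULL;
    return (int)argc;
}

int main(void)
{
    const char *rcpts[] = { "user@example.org" };   /* constructed sample */
    const char *argv[8];
    int i, argc = build_sendmail_argv(rcpts, 1, argv, 8);

    for (i = 0; i < argc; i++)
        printf("%s\n", argv[i]);
    return argc < 0;
}
```

Passing the resulting vector to execv() rather than a shell command string keeps the recipients out of shell parsing entirely; the "--" and the validator then cover option parsing in sendmail itself.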