pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/mail/getmail Update to 4.2.2. From the changelog:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7435a4a8a1a6
branches:  trunk
changeset: 482145:7435a4a8a1a6
user:      schmonz <schmonz%pkgsrc.org@localhost>
date:      Wed Oct 20 21:55:12 2004 +0000

description:
Update to 4.2.2. From the changelog:

Version 4.1.5
13 September 2004

  -getmail would not delete messages from the server if it was configured not
  to retrieve them and the delete_after directive was not in use (i.e. user
  normally left messages on server but occasionally wanted to force-delete
  them).  Fixed.  Thanks:  Frankye Fattarelli.


Version 4.2.0
18 September 2004

  -SECURITY: previous versions of getmail contain a security vulnerability.
  A local attacker with a shell account could exploit a race condition (or a
  similar symlink attack) to cause getmail to create or overwrite files in a
  directory of the local user's choosing if the system administrator ran getmail
  as root and delivered messages to a maildir or mbox file under the control of
  the attacker, resulting in a local root exploit.  Fixed in versions 4.2.0
  and 3.2.5.
  This vulnerability is not exploitable if the administrator does not deliver
  mail to the maildirs/mbox files of untrusted local users, or if getmail is
  configured to use an external unprivileged MDA.  This vulnerability is
  not remotely exploitable.
  Thanks: David Watson.  My gratitude to David for his work on finding and
  analyzing this problem.
  -Now, on Unix-like systems when run as root, getmail forks a child
  process and drops privileges before delivering to maildirs or mbox files.
  getmail will absolutely refuse to deliver to such destinations as root;
  the uid to switch to must be configured in the getmailrc file.
  -revert behaviour regarding delivery to non-existent mbox files.  Versions
  4.0.0 through 4.1.5 would create the mbox file if it did not exist; in
  versions 4.2.0 and up, getmail reverts to the v.3 behaviour of refusing
  to do so.


Version 4.2.1
8 October 2004

  -set message attributes on corrupt container objects to prevent problems
  with destinations that expect multidrop-retrieved messages.
  Thanks: Harry Wearne.
  -move tests for existence of file from mbox destination initialization
  to delivery method, and change error from configuration to delivery error.
  Thanks: David Watson.


Version 4.2.2
11 October 2004

  -in child delivery processes, change real as well as effective uid/gid.
  Thanks: David Watson.
  -handle corrupted oldmail file better.  Thanks: Matthias Andree.

diffstat:

 mail/getmail/Makefile |  4 ++--
 mail/getmail/distinfo |  6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diffs (24 lines):

diff -r cc6823cc31fd -r 7435a4a8a1a6 mail/getmail/Makefile
--- a/mail/getmail/Makefile     Wed Oct 20 21:35:22 2004 +0000
+++ b/mail/getmail/Makefile     Wed Oct 20 21:55:12 2004 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.32 2004/09/02 02:35:58 schmonz Exp $
+# $NetBSD: Makefile,v 1.33 2004/10/20 21:55:12 schmonz Exp $
 
-DISTNAME=      getmail-4.1.4
+DISTNAME=      getmail-4.2.2
 CATEGORIES=    mail
 MASTER_SITES=  ${HOMEPAGE}old-versions/
 
diff -r cc6823cc31fd -r 7435a4a8a1a6 mail/getmail/distinfo
--- a/mail/getmail/distinfo     Wed Oct 20 21:35:22 2004 +0000
+++ b/mail/getmail/distinfo     Wed Oct 20 21:55:12 2004 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.25 2004/09/02 02:35:58 schmonz Exp $
+$NetBSD: distinfo,v 1.26 2004/10/20 21:55:12 schmonz Exp $
 
-SHA1 (getmail-4.1.4.tar.gz) = cee70895e22bcec75ea0588744cd46b381d494ec
-Size (getmail-4.1.4.tar.gz) = 118943 bytes
+SHA1 (getmail-4.2.2.tar.gz) = e2f9c080bfefae2b2deb65c6ac11e6dfb0c08cc2
+Size (getmail-4.2.2.tar.gz) = 121093 bytes
 SHA1 (patch-aa) = 63bb1a6427f5b129200e7fa4bdd34267d427a2a7



Home | Main Index | Thread Index | Old Index