January 7, 2011

[installer 2632] exim-4.73

exim-4.73 has finally been released.

It includes a fix for a security hole. See:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4345
http://www.kb.cert.org/vuls/id/758489
http://jvn.jp/cert/JVNVU758489/
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
http://bugs.exim.org/show_bug.cgi?id=1044

☆ exim-4.73
http://www.exim.org/
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-4.73.tar.gz

Exim version 4.73
-----------------

PP/01 Date: & Message-Id: revert to normally being appended to a message,
only prepend for the Resent-* case. Fixes regression introduced in
Exim 4.70 by NM/22 for Bugzilla 607.

PP/02 Include check_rfc2047_length in configure.default because we're seeing
increasing numbers of administrators be bitten by this.

JJ/01 Added DISABLE_DKIM and comment to src/EDITME

PP/03 Bugzilla 994: added openssl_options main configuration option.

PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.

PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.

PP/06 Adjust NTLM authentication to handle SASL Initial Response.

PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
without a peer certificate, leading to a segfault because of an
assumption that peers always have certificates. Be a little more
paranoid. Problem reported by Martin Tscholak.

PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
NB: ClamAV planning to remove STREAM in "middle of 2010".
CL also introduces -bmalware, various -d+acl logging additions and
more caution in buffer sizes.

PP/09 Implemented reverse_ip expansion operator.

PP/10 Bugzilla 937: provide a "debug" ACL control.

PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.

PP/12 Bugzilla 973: Implement --version.

PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.

PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.

PP/15 Bugzilla 816: support multiple condition rules on Routers.

PP/16 Add bool_lax{} expansion operator and use that for combining multiple
condition rules, instead of bool{}. Make both bool{} and bool_lax{}
ignore trailing whitespace.

JJ/02 prevent non-panic DKIM error from being sent to paniclog

JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
"exim" to be used

PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
Notification from Dr Andrew Aitchison.

PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
ExtendedDetectionInfo response format.
Notification from John Horne.

PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
compatible.

PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
XSL and documented dependency on system catalogs, with examples of how
it normally works.

DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
access.

DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
configuration file which is writeable by the Exim user or group.

DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
of configuration files to cover files specified with the -C option if
they are going to be used with root privileges, not just the default
configuration file.

DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
option (effectively making it always true).

DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
files to be used while preserving root privileges.

DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
that rogue child processes cannot use them.

PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
run-time user, instead of root.

PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
Exim run-time user without dropping privileges.

DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
result string, instead of calling string_vformat() twice with the same
arguments.

DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
for other users. Others should always drop root privileges if they use
-C on the command line, even for a whitelisted configure file.

DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.

NM/01 Fixed bug #1002 - Message loss when using multiple deliveries

----
こがよういちろう
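
The configuration-file writeability checks described in DW/22 and DW/23, sketched as an added example (not Exim's code and not part of the original post). The `trust_policy` struct and both function names are hypothetical, and the rule set is a simplified assumption modelled on those changelog entries: only root, or an explicitly configured owner or group, may be able to modify a file that will be parsed with root privileges.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical policy: extra identities besides root that may own or
   group-write the file (compare CONFIGURE_OWNER / CONFIGURE_GROUP).
   The daemon's own run-time user is deliberately not implied. */
struct trust_policy {
    int have_owner; uid_t owner;
    int have_group; gid_t group;
};

/* 1 if a file with this owner/group/mode may be parsed as root, else 0. */
int config_stat_trusted(const struct stat *st, const struct trust_policy *p)
{
    int owner_ok = st->st_uid == 0 || (p->have_owner && st->st_uid == p->owner);
    int group_ok = st->st_gid == 0 || (p->have_group && st->st_gid == p->group);

    if (!owner_ok) return 0;                            /* owner could rewrite it */
    if ((st->st_mode & S_IWGRP) && !group_ok) return 0; /* group could rewrite it */
    if (st->st_mode & S_IWOTH) return 0;                /* anyone could rewrite it */
    return 1;
}

/* Open first and fstat() the descriptor, so the file that was checked is
   the file that gets read. Returns an fd, or -1 if missing or untrusted. */
int open_trusted_config(const char *path, const struct trust_policy *p)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        !config_stat_trusted(&st, p)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    struct trust_policy root_only = {0, 0, 0, 0};
    int fd = argc > 1 ? open_trusted_config(argv[1], &root_only) : -1;

    printf("%s\n", fd >= 0 ? "trusted: keep root" : "untrusted: drop privileges");
    if (fd >= 0) close(fd);
    return 0;
}
```
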


Posted by xml-rpc: January 7, 2011 08:38