CAN-2005-2491, http://securitytracker.com/id?1014744
A remote or local user may be able to supply a specially crafted
regular expression to trigger a heap integer overflow in PCRE.
ok pvalchev@
This fixes lots of bugs and at least the security issues noticed in
CAN-2005-0021 and CAN-2005-0022.
based on a diff from "Andrey N. Oktyabrski" <ano at antora.ru>
- Use @sample to install configuration files
- @new(user|group) to create _exim user/group
- Add MESSAGE with tips&tricks from INSTALL
- Bump PKGNAME
MAINTAINERs timeout
ok strum@
This is a major update and configuration files are not compatible.
A conversion script is included and installed in
${PREFIX}/share/examples/exim4/convert4r4
New co-maintainer and much of the inital work done by Ilya Voronin.
A decision was made to include the semi-official exiscan patch in
the default installation, as most admins appear to use this. It is
hoped that is will become part of the core exim4 code "soon".
This port now creates an _exim user and group if they don't already
exist.
Work and testing by Ilya Voronin, Richard Welty, Axel Rau and others
who I can't now find in my mailbox. Apologies if I left you out.
Version 3.34
------------
1. Exim was failing to diagnose a lone \ at the end of an expansion string as
an error (basically a typo in the code).
2. If logging was only to syslog, and Exim was trying to panic-die, it crashed
instead of dying cleanly.
3. If an address was routed using a DNS lookup that found no MX records, but
one or more A records, and fallback hosts were specified on the transport, the
fallback hosts were ignored.
4. $message_body_size was set incorrectly (to zero) during filter testing.
5. Ensure the configuration file is closed before running the -bi command.
6. Reap all complete processes within the loop for accepting -bs or -bS
messages, because it seems that not all OS do this automatically when SIGCHLD
is set to SIG_IGN.
7. Reset SIGHUP to SIG_IGN before restarting a daemon, in case another SIGHUP
arrives very quickly and kills the newly started Exim before it has a chance to
get going.
8. After "452 space shortage", was not unsetting the sender address. Could lead
to strange effects when the client was pipelining.
9. There was no check that getpeername() was giving a socket address when
called on stdin passed from a previous delivery.
10. If a local part beginning with a pipe symbol was directed to a pipe
transport, the transport got confused as to which command it should run.
This could be a security exposure if unchecked local parts are directed
or routed to pipe transports.
See ChangeLog and documentation for a full list of bugs fixes and
new features. Release highlights include the addition of STARTTLS
extensions to SMTP and callback SMTP checks to verify sender addresses
on lightly loaded mail servers - prevent spam from made-up addresses.
This port includes the following flavors:
no_x11 - do not build eximon which requires X11
no_perl - do not include perl support
no_tls - do not include SSL/TLS support
mysql - support mysql queries for lookups
pgsql - support pgsql queries for lookups
ldap - support ldap (OpenLDAP) queries for lookups
All these queries are independent.
Maintainer has been temporarily chaged to me for feedback, until
Sebastian is back and available to support the port.
Testing has been limited to i386.