Subject: CVS commit: pkgsrc/mail/policyd-weight
From: Tobias Nygren
Date: 2008-03-31 22:50:11
Message id: 20080331205011.CBECB175D0@cvs.netbsd.org

Log Message:
Maintainer update from PR pkg/38349, containing security fixes.
While here, fix a minor DESTDIR botch.

0.1.14 beta-17
- (security)  Using File::Spec->canonpath for normalization (trailing slashes)
              Check ownership of real directories to avoid race attacks
              for symlinks. Thanks to Robert Buchholz.
0.1.14 beta-16 (not released)
- (security)  The check for symlinked directories was half complete.
              perl ignores -l if the argument has a trailung slash.
              Thanks to Andrej Kacian.
0.1.14 beta-15
- (security)  $LOCKPATH and its contents weren't checked for being
              a symlink which. Thanks to Chris Howells and Andrej Kacian.
- (fix)       "dedicated" added to the exclusion list for dialup
              checks. A better approach would be to let the user
              configure dialup and exclude patterns.
0.1.14 beta-14
- (change)    rbls.org link changed to robtext.com
- (change)    results with 'rc:' as action are not cached
- (fix)       regexp check for dynamic helo/client did hit also some
              clients with "static"
- (fix)       helo numeric check was too fuzzy.
- (fix)       master didn't read config after policyd-weight reload
- (fix)       HELO_SEEMS_DIALUP may have scored even if the IP is listed
              for the sender domain.
- (fix)       An interrupt of policyd-weight -s may cause a SIGPIPE
              which killed the cache
- (change)    Implemented $NS list. Useful for users with split
              horizon DNS
- (fix)       don't cache rejections which were deferred (4xx and friends)
- (fix)       helo_numeric_score didn't catch [n.n.n.n] helos
- (fix)       Header was not included if $dnsbl_checks_only = 1; and
              $ADD_X_HEADER = 1; - Thanks to J. Genannt
- (fix)       Corrected handling of [n.n.n.n] HELOs and address-literals
              as sender (long standing issue)
- (change)    Introduced @dnsbl_checks_only_regexps in order to skip
              DNS checks for certain client hostnames
- (change)    Added -D (Don't detach) switch for daemon-tools/runit users
- (change)    Added signals handlers for most of signals so that they are
              at least logged, also, provide a perl backtrace.
- (change)    prerequisite steps for providing coredumps (build coredump
              directories, chdir) - coredumps are non-trivial:
              we start as root, change uid. At this moment coredumps
              are denied by kernel in order to protect root-data. The only
              workaround would be, to start cache and master via system()
              after changing uid
- (change)    In daemon mode wrongly crafted policy requests don't lead
              to a child-exit anymore, only the connection is closed
- (change)    log-facilities other than 'info' are now mentioned in log-lines
- (change)    SMTP information such as client, helo, sender and to are now
              logged in each log-message. If $DEBUG is set this also logs
              the instance variable.
- (fix)       rbl_lookup used sometimes 65536 as packet id which appeared
              to cause problems
- (fix)       Check for syslog absence. If syslog is not available then
              log temporarily to $LOCKPATH/polw-emergency.log
- (tmpfix)    Introduced $TRY_BALANCE which closes connections to smtpds after
              they got their response in order to avoid too many established
              smtpd->policyd-weight (child) connections.

Files:
RevisionActionfile
1.3modifypkgsrc/mail/policyd-weight/Makefile
1.2modifypkgsrc/mail/policyd-weight/distinfo