diff options
| author | rea <rea@FreeBSD.org> | 2011-01-09 19:19:24 +0800 |
|---|---|---|
| committer | rea <rea@FreeBSD.org> | 2011-01-09 19:19:24 +0800 |
| commit | df637ccdfcb6f06a908ab906103a6f3910867237 (patch) | |
| tree | 26dfc86f84c77da9baea9570c725ad6c85588564 /mail/exim/Makefile | |
| parent | e71e21d35a25cb1ba97deb57ee14daacaa5da02f (diff) | |
| download | freebsd-ports-gnome-df637ccdfcb6f06a908ab906103a6f3910867237.tar.gz freebsd-ports-gnome-df637ccdfcb6f06a908ab906103a6f3910867237.tar.zst freebsd-ports-gnome-df637ccdfcb6f06a908ab906103a6f3910867237.zip | |
mail/exim: update to 4.73
Most notably, this version fixes local exim -> root escalation,
CVE-2010-4345.
Port had also gained configurable knob for disabling -D option
and make variables TRUSTED_CONFIG_LIST and WHITELIST_D_MACROS
to fine tune the behaviour of options -C and -D.
New items are documented at
ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.73
Changelog is available at
ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.73
Security: e4fcf020-0447-11e0-becc-0022156e8794 / CVE-2010-4345
PR: 152963 [1], 153711 [2]
Submitted by: Alexander Wittig <alexander@wittig.name> [1]
Approved by: garga (mentor)
Diffstat (limited to 'mail/exim/Makefile')
| -rw-r--r-- | mail/exim/Makefile | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 2a83b8ec3d36..95109ff76d38 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -27,7 +27,7 @@ MAKE_JOBS_UNSAFE= yes .include <bsd.port.pre.mk> -.if defined(WITH_SA_EXIM) +.if defined(WITH_SA_EXIM) .if defined(WITH_KAS) IGNORE= You cannot select both SA_EXIM and KAS options .endif @@ -58,7 +58,7 @@ PLIST_SUB+= SO_1024="" PLIST_SUB+= SO_1024="@comment " .endif -EXIM_VERSION= 4.72 +EXIM_VERSION= 4.73 SA_EXIM_VERSION=4.2 SO_1024_VERSION=3.2 @@ -449,9 +449,32 @@ PLIST_SUB+= DAEMON="@comment " SEDLIST+= -e 's,^\# (HAVE_IPV6=),\1,' .endif +.if defined(WITH_DISABLE_D_OPT) +SEDLIST+= -e 's,^\# (DISABLE_D_OPTION=),\1,' +.else +.if defined(WHITELIST_D_MACROS) +SEDLIST+= -e 's,^\# (WHITELIST_D_MACROS=).*$$,\1=${WHITELIST_D_MACROS:S/,/\\,/g},' +.endif +.endif + +.if defined(TRUSTED_CONFIG_LIST) +SEDLIST+= -e 's,^\# (TRUSTED_CONFIG_LIST=).*$$,\1=${TRUSTED_CONFIG_LIST:S/,/\\,/g},' +.endif + DUMMY_LDFLAGS!= ${ECHO_CMD} ${LDFLAGS} | ${SED} -e 's|-Wl,-rpath|-Wl,-DUMMYrpath|g; s|-rpath|-Wl,-rpath|g; s|-DUMMYrpath|-rpath|g' pre-everything:: + @${ECHO} 'Exim now drops privileges when alternate configuration' + @${ECHO} 'files are used. You can set make variable TRUSTED_CONFIG_LIST' + @${ECHO} 'to specify the list of configuration files for which' + @${ECHO} 'root privileges will be retained.' + @${ECHO} '' + @${ECHO} 'You can whitelist some macros using the make variable' + @${ECHO} 'WHITELIST_D_MACROS. This is useful if you are running' + @${ECHO} 'with DISABLE_D_OPT set, but macros whitelisting will be' + @${ECHO} 'removed in some future Exim release, so it is better' + @${ECHO} 'to use TRUSTED_CONFIG_LIST to set the list of trusted' + @${ECHO} 'configuration files.' .if empty(.MAKEFLAGS:M-s) && defined(WITH_WISHLIST) @${ECHO} '' @${ECHO} 'Included extra patches:' |