
Procmail version 3.20 released

2001-06-28 23:35:06

I'm pleased to announce the release of procmail version 3.20.

The primary impetus for this release of procmail is a matter of security
and robustness involving signal handlers.

To be precise, when a signal is sent to a process, there are a limited
number of things that can be done safely while handling the signal.
Procmail didn't always follow those rules, such that it could be made to
crash; it is possible that this could be exploited to obtain unauthorized
privileges.  We therefore strongly recommend that procmail be upgraded
to version 3.20 on any system where it is installed setuid or setgid.


Other major changes in this release include the addition of support
for server-side LMTP and the use of the 'standard' file name format
in maildirs.


As with previous versions, you can find this package at the URLs
        http://www.procmail.org/procmail-3.20.tar.gz
        ftp://ftp.procmail.org/pub/procmail/procmail-3.20.tar.gz

The procmail homepage, http://www.procmail.org/, includes a list of
mirror sites at which this package should be obtainable within a few
days.  It also has links to PGP signatures for the above.

Many thanks to the members of the procmail-dev mailing list for their
ideas and testing.


Philip Guenther
Procmail Maintainer
bug(_at_)procmail(_dot_)org


Here are the new HISTORY file entries from version 3.15.1:

2001/06/28: v3.20
            Changes to procmail:
               - SECURITY: don't do unsafe things from signal handlers:
                  - ignore TRAP when terminating because of a signal
                  - resolve the host and protocol of COMSAT when it is set
                  - save the absolute path form of $LASTFOLDER for the comsat
                    message when it is set
                  - only use the log buffer if it's safe
               - Support LMTP for delivery mode (not enabled by default)
               - Preliminary support for using mmap() for `large' messages
                 (this doesn't work yet)
               - SWITCHRC=zero-length-file didn't always abort the current
                 rcfile
               - Multiple -a options will now set $2, $3, etc
               - Command line assignments to INCLUDERC and SWITCHRC no longer
                 have any effect
               - When delivering to a maildir, don't force the message to end
                 with an empty line
               - Be more paranoid about leaking information between recipients
               - Unset LOCKFILE if we can't actually lock it
               - Set MAILDIR to '.' if the chdir fails
               - LASTFOLDER was sometimes set by '?' conditions
               - Buffer the log more efficiently
               - Use the `standard' format for maildir filenames and retry
                 on name collision
               - Rename by linking to prevent lossage
            Changes to autoconf:
               - IRIX compiler (7.3.1) failed the const check from warnings
            Changes to lockfile:
               - Include the system mailbox lockfile path in the -v output
               - Resist attempts to use a setuid lockfile command
               - Fix infinite loop on -l, -r, or -s flag with no value.
            Documented formail's treatment of >From_ lines as continuations
               of the From_ line and warned of problems caused by non-RFC822
               field names like 'Old-From '
            Clarified procmail's treatment of $@ and $#
            Use long, not off_t, with fseek()/ftell()
            Increase our paranoia: start to use strlcat()
            The default MAILDIR is now configurable separately from the
               default rcfile location
            Include an RPM spec file in the examples directory for automated
               builds
            Include and use mkinstalldirs
            Called nice() when shouldn't have (this time for sure!)
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
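
An added illustration of the signal-handler rule the announcement describes (not procmail's code and not part of the original message): the handler calls only write(2) and uses the log buffer only when a flag says main-line code is not in the middle of updating it. All names here (log_append, on_term, handler_used_buffer, log_busy, flushed) are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdatomic.h>
#include <string.h>
#include <unistd.h>

static volatile sig_atomic_t log_busy; /* 1 while main-line code is mid-update */
static volatile sig_atomic_t flushed;  /* 1 if the handler used the log buffer */
static char logbuf[256];
static size_t loglen;
static void put(const char *p, size_t n) { ssize_t r = write(STDERR_FILENO, p, n); (void)r; }

/* Main-line code: buffer a log line, flagging the window where the buffer is inconsistent. */
void log_append(const char *s)
{
    size_t n = strlen(s), room = sizeof logbuf - loglen;
    if (n > room) n = room;
    log_busy = 1;
    atomic_signal_fence(memory_order_seq_cst); /* flag is set before the copy starts */
    memcpy(logbuf + loglen, s, n);
    loglen += n;
    atomic_signal_fence(memory_order_seq_cst); /* copy is complete before the flag clears */
    log_busy = 0;
}

/* Handler: no stdio, malloc or user hooks; only write(2) and sig_atomic_t accesses. */
static void on_term(int sig)
{
    int saved = errno;                  /* write() may change errno */
    flushed = !log_busy;                /* use the buffer only if it is consistent */
    if (flushed) put(logbuf, loglen);
    put("terminating on signal\n", 22);
    errno = saved;
}

/* Install on_term, self-deliver SIGTERM with the buffer busy or idle; 1 = buffer was flushed. */
int handler_used_buffer(int busy)
{
    struct sigaction sa = {0};
    sa.sa_handler = on_term;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTERM, &sa, NULL) != 0) return -1;
    log_busy = busy;
    raise(SIGTERM);                     /* handler runs before raise() returns */
    log_busy = 0;
    return flushed;
}

int main(void) { log_append("delivered ok\n"); return handler_used_buffer(0) == 1 ? 0 : 1; }
```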
