Some minor configure script issues remaining, if you use
--with-random=/dev/path
to configure:
In random128/configure, the line
#define RANDOM "$random_cv_RANDOM"
should read
#define RANDOM "$random"
because $random_cv_RANDOM is a blank string if --with-random=/dev/path
is used.
Similar problem in userdb/configure, with the line
#define RANDOM "$userdb_cv_RANDOM"
which should be
#define RANDOM "$random"
for the same reason.
And, in courier/module.esmtp/configure, the lines
RANDOMV="/dev/random"
if test -r /dev/urandom
then
RANDOMV="/dev/urandom"
fi
need to be changed to match the similar lines in imap/configure, namely:
# Check whether --with-random or --without-random was given.
if test "${with_random+set}" = set; then
withval="$with_random"
RANDOMV="$withval"
else
RANDOMV="/dev/random"
if test -r /dev/urandom
then
RANDOMV="/dev/urandom"
fi
fi
so that esmtp will use the random device specified with
--with-random=/dev/path.
A big thank-you to Sam for the excellent product, and for implementing
the
liblock/lockdaemon.c patch for Solaris which I submitted.
William
Sam Varshavchik wrote:
>
> This release fixes a locally-exploitable bug in Courier 0.37.1 and
earlier,
> identified by Nat Sakimura . A hand-crafted .courier file can be used
to
> insert \r characters in the message queue file. A bug in the function
that
> reads message queue files subsequently results in memory corruption.
>
> If upgrading to 0.37.2 is not feasible, apply the following patch to
0.37.1,
> and earlier: http://www.courier-mta.org/beta/patches/queuefile-fix/.
>
> Download: http://www.courier-mta.org/download.php
>
> --
> Sam
>
> _______________________________________________
> courier-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe:
https://lists.sourceforge.net/lists/listinfo/courier-users
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
