Thank you Phil,

To build this on OpenIndiana (and I would assume Solaris), apart from the usual changes to the Local/Makefile, I had to modify one file which expected /bin/sh to be a bash-like shell.

*** scripts/lookups-Makefile.orig    Fri Oct 26 14:06:47 2012
--- scripts/lookups-Makefile    Fri Oct 26 13:37:32 2012
***************
*** 1,4 ****
--- 1,5 ----
  #! /bin/sh
+ alias local=typeset

# We turn the configure-built build-$foo/lookups/Makefile.predynamic into Makefile
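
Review bot: the `alias local=typeset` line added directly under the `#! /bin/sh` line is unconditional, so it is also defined when /bin/sh is a shell that already provides `local`. Guard it so it only takes effect where `local` is missing, for example `type local >/dev/null 2>&1 || alias local=typeset`, and add a comment above it naming the platform whose /bin/sh needs the workaround.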

Without this you get errors of the form:

`Makefile' is up to date.

Missing CFLAGS_DYNAMIC inhibits building dynamic module lookup
../scripts/lookups-Makefile[86]: local: not found [No such file or directory]
../scripts/lookups-Makefile[87]: local: not found [No such file or directory]
../scripts/lookups-Makefile[65]: local: not found [No such file or directory]
../scripts/lookups-Makefile[66]: local: not found [No such file or directory]
Inhibited dynamic modules prevents building dynamic
*** Error code 1
The following command caused the error:
cd build-${build:-`/usr/bin/bash scripts/os-type`-`/usr/bin/bash scripts/arch-type`}; \
  build= /usr/bin/bash ../scripts/Configure-Makefile; \
  /usr/bin/bash ../scripts/lookups-Makefile
make: Fatal error: Command failed for target `configure'


On 10/26/12 09:35, Phil Pennock wrote:
Folks,

During internal code review on Wednesday, I uncovered a remote code
execution hole in Exim, affecting releases 4.70 to 4.80, in the DKIM
handling.  This can be triggered by anyone who can send you email from a
domain for which they control the DNS, and gets them the Exim run-time
user.

Thanks to a certain Wired article, I decided this area of the codebase
(of many MTAs) would be likely to be reviewed by more than just me, so
it would be sheer hubris to hope that this remained undiscovered by
blackhats.

So Exim 4.80.1 has been cut, which has no new features, none of the
other changes, and is "4.80 plus security fix"; the patch and
notification were available to vendors from late Wednesday, and I sucked
it up and accepted that I would be deeply unpopular with a Friday
release, after the vendors had Thursday to prep.

At 8am UTC, I released Exim 4.80.1.  The patch should apply cleanly to
any affected version of Exim, so your vendor should have a clean patch
for you.

For those who build/maintain their own Exim releases, but have not kept
up-to-date on Exim and are not ready to move to 4.80/4.80.1, you will
wish to study:

   http://git.exim.org/exim.git/commit/4263f395efd136dece52d765dfcff3c96f17506e

Regards,
-Phil



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
