retitle 611446 unblock: exim4/4.72-6 reopen 611446 thanks On 2011-01-29 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > On Sat, 2011-01-29 at 14:57 +0100, Andreas Metzler wrote: > > Please unblock package exim4 > > > > This release fixes a a single bug: > > PP/06 Bugzilla 1071: fix delivery logging with untrusted macros. > > If dropping privileges for untrusted macros, we disabled normal logging > > on the basis that it would fail; for the Exim run-time user, this is not > > the case, and it resulted in successful deliveries going unlogged.
> Unblocked, and aged; thanks. Hello, sorry for bothering you again: Please unblock package exim4 Another bug found and fixed. 4.73-3 and later broke filter-testing as regular using (exim4 -bf). This is the issue fixed in DSA-2154-2 (exim4 regression fix) http://lists.debian.org/debian-security-announce/2011/msg00020.html Debian bug: 611572 unblock exim4/4.72-6 thanks, cu andreas
diff -Nru exim4-4.72/debian/changelog exim4-4.72/debian/changelog --- exim4-4.72/debian/changelog 2011-01-29 14:33:59.000000000 +0100 +++ exim4-4.72/debian/changelog 2011-01-31 19:06:05.000000000 +0100 @@ -1,3 +1,11 @@ +exim4 (4.72-6) unstable; urgency=high + + * 80_4.74_filtertesting.diff: Do not abort when setgid fails if privileges + were dropped. This fixes a regression from 4.72-2, it was not possible to + test filter files with exim4 -bf anymore. + + -- Andreas Metzler <ametz...@debian.org> Mon, 31 Jan 2011 19:05:48 +0100 + exim4 (4.72-5) unstable; urgency=medium * 80_4.74_deliverylogging.patch (Pulled from upstream git): If a non-debug diff -Nru exim4-4.72/debian/patches/80_4.74_filtertesting.diff exim4-4.72/debian/patches/80_4.74_filtertesting.diff --- exim4-4.72/debian/patches/80_4.74_filtertesting.diff 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.72/debian/patches/80_4.74_filtertesting.diff 2011-01-31 19:09:09.000000000 +0100 @@ -0,0 +1,29 @@ +From 33191679e1a86ba6d9c38a74d0795d00c300f2c5 Mon Sep 17 00:00:00 2001 +From: Phil Pennock <p...@exim.org> +Date: Fri, 21 Jan 2011 06:10:35 -0500 +Subject: [PATCH] Tests compat. setgid failure / dropped_privilege + +If we've *dropped* privilege, it's okay to not abort if setgid fails. + + +diff --git a/src/exim.c b/src/exim.c +index 67fbc5c..c8a5da1 100644 +--- a/src/exim.c ++++ b/src/exim.c +@@ -3885,14 +3885,14 @@ else + no need to complain then. */ + if (rv == -1) + { +- if (!unprivileged) ++ if (!(unprivileged || removed_privilege)) + { + fprintf(stderr, + "exim: changing group failed: %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + else +- debug_printf("changing group to %ld failed: %s\n", ++ DEBUG(D_any) debug_printf("changing group to %ld failed: %s\n", + (long int)exim_gid, strerror(errno)); + } + } diff -Nru exim4-4.72/debian/patches/series exim4-4.72/debian/patches/series --- exim4-4.72/debian/patches/series 2011-01-29 14:24:25.000000000 +0100 +++ exim4-4.72/debian/patches/series 2011-01-31 18:59:30.000000000 +0100 @@ -20,3 +20,4 @@ 80_4.73rc1_8_updatedocumentation.patch 80_4.74_CVE-2011-0017.patch 80_4.74_deliverylogging.patch +80_4.74_filtertesting.diff
signature.asc
Description: Digital signature