summaryrefslogtreecommitdiff
path: root/mail/exim
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2011-05-09 13:30:47 +0000
committeradam <adam@pkgsrc.org>2011-05-09 13:30:47 +0000
commit5b6861ce0046c658d8e1d4b3c66a54c6931fd85f (patch)
treef1afde847f299aa17cd39babcc825e469687993b /mail/exim
parent6370a265e08059a735a0041e1044cfb352d00dd6 (diff)
downloadpkgsrc-5b6861ce0046c658d8e1d4b3c66a54c6931fd85f.tar.gz
Changes 4.76:
* The new ldap_require_cert option would segfault if used. Fixed. * Harmonised TLS library version reporting; only show if debugging. Layout now matches that introduced for other libraries in 4.74 PP/03. * New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 * New "dns_use_edns0" global option. * Don't segfault on misconfiguration of ref:name exim-user as uid. * Extra paranoia around buffer usage at the STARTTLS transition. nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 * Updated PolarSSL code to 0.14.2. * Catch divide-by-zero in ${eval:...}. * Condition negation of bool{}/bool_lax{} did not negate. Fixed. * CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution. * SECURITY - DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header cause arbitrary Exim lookups (of items which can occur in lists, *not* arbitrary string expansion). This allowed for information disclosure. * Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to INT_MIN/-1 -- value coerced to INT_MAX.
Diffstat (limited to 'mail/exim')
-rw-r--r--mail/exim/Makefile5
-rw-r--r--mail/exim/distinfo14
-rw-r--r--mail/exim/patches/patch-aa16
-rw-r--r--mail/exim/patches/patch-ac30
-rw-r--r--mail/exim/patches/patch-ah24
-rw-r--r--mail/exim/patches/patch-ba13
6 files changed, 40 insertions, 62 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index c00a67a32ba..cfba26df38c 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.107 2011/05/07 14:32:02 drochner Exp $
+# $NetBSD: Makefile,v 1.108 2011/05/09 13:30:47 adam Exp $
-DISTNAME= exim-4.75
-PKGREVISION= 1
+DISTNAME= exim-4.76
CATEGORIES= mail net
MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \
http://dl.ambiweb.de/mirrors/ftp.exim.org/exim/exim4/
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 9a95bd0874c..e6bb90915c9 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,12 +1,10 @@
-$NetBSD: distinfo,v 1.50 2011/05/07 14:32:02 drochner Exp $
+$NetBSD: distinfo,v 1.51 2011/05/09 13:30:47 adam Exp $
-SHA1 (exim-4.75.tar.bz2) = e3196a9035f433c380bb2cec4cbbcfd7ad6c00b3
-RMD160 (exim-4.75.tar.bz2) = 2dfea8750cc95d057c0b804c0379f69fbed927a9
-Size (exim-4.75.tar.bz2) = 1600867 bytes
-SHA1 (patch-aa) = 2ec7f3c7c6e18c7cc2388de00c1108b56c239ab8
+SHA1 (exim-4.76.tar.bz2) = b0df27b0407eef2d79e130597916cde18f2bbe30
+RMD160 (exim-4.76.tar.bz2) = b619e6e6674584c97ae0503911e95e1016407c34
+Size (exim-4.76.tar.bz2) = 1605832 bytes
+SHA1 (patch-aa) = 5b9b5f459151912b936bf91d393072b872d48d5c
SHA1 (patch-ab) = ffb9fb28e4e5548777db31b3de34673a08a1c0fa
-SHA1 (patch-ac) = 9a260a07f5e8cc89c60188925f01fc5b46164a37
+SHA1 (patch-ac) = 84bb4c01868fc28b7b00bcd9aacab0dddf4c01c8
SHA1 (patch-ae) = 4a9d2fde403cfd6386742b31f062e7801ef081b9
SHA1 (patch-ag) = 8512795060ad913f4699c277867fd24e7a785519
-SHA1 (patch-ah) = 99eae6cf5a3d4b771db39934c3e468706f7497b9
-SHA1 (patch-ba) = 6647a95bb8e3bce2bc7f075e4be2217b3a97ce8b
diff --git a/mail/exim/patches/patch-aa b/mail/exim/patches/patch-aa
index edeb0c8058c..20d4ce8f1af 100644
--- a/mail/exim/patches/patch-aa
+++ b/mail/exim/patches/patch-aa
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $
+$NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $
---- Local/Makefile.pkgsrc.orig 2011-01-12 07:35:17.000000000 +0000
+--- Local/Makefile.pkgsrc.orig 2011-05-09 13:16:39.000000000 +0000
+++ Local/Makefile.pkgsrc
@@ -100,7 +100,7 @@
# /usr/local/sbin. The installation script will try to create this directory,
@@ -47,7 +47,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $
-@@ -332,7 +332,7 @@ PCRE_LIBS=-lpcre
+@@ -357,7 +357,7 @@ PCRE_LIBS=-lpcre
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files.
@@ -56,7 +56,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $
#------------------------------------------------------------------------------
-@@ -527,11 +527,11 @@ FIXED_NEVER_USERS=root
+@@ -552,11 +552,11 @@ FIXED_NEVER_USERS=root
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
@@ -71,7 +71,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $
#------------------------------------------------------------------------------
-@@ -697,7 +697,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -722,7 +722,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
@@ -80,7 +80,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
-@@ -945,13 +945,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -970,13 +970,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
@@ -101,7 +101,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $
#------------------------------------------------------------------------------
-@@ -1145,7 +1145,7 @@ TMPDIR="/tmp"
+@@ -1170,7 +1170,7 @@ TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
@@ -110,7 +110,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
-@@ -1197,3 +1197,10 @@ TMPDIR="/tmp"
+@@ -1222,3 +1222,10 @@ TMPDIR="/tmp"
# ENABLE_DISABLE_FSYNC=yes
# End of EDITME for Exim 4.
diff --git a/mail/exim/patches/patch-ac b/mail/exim/patches/patch-ac
index 38e522a0938..3f4a036a1b7 100644
--- a/mail/exim/patches/patch-ac
+++ b/mail/exim/patches/patch-ac
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $
+$NetBSD: patch-ac,v 1.15 2011/05/09 13:30:47 adam Exp $
---- src/dns.c.orig 2009-11-16 19:50:36.000000000 +0000
+--- src/dns.c.orig 2011-05-09 08:36:25.000000000 +0000
+++ src/dns.c
-@@ -168,18 +168,34 @@ Returns: nothing
+@@ -168,26 +168,39 @@ Returns: nothing
void
dns_init(BOOL qualify_single, BOOL search_parents)
{
@@ -38,13 +38,31 @@ $NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $
-if (dns_retry > 0) _res.retry = dns_retry;
+if (dns_retrans > 0) rs->retrans = dns_retrans;
+if (dns_retry > 0) rs->retry = dns_retry;
+
+ #ifdef RES_USE_EDNS0
+ if (dns_use_edns0 >= 0)
+ {
+ if (dns_use_edns0)
+- _res.options |= RES_USE_EDNS0;
++ rs->options |= RES_USE_EDNS0;
+ else
+- _res.options &= ~RES_USE_EDNS0;
++ rs->options &= ~RES_USE_EDNS0;
+ DEBUG(D_resolver)
+ debug_printf("Coerced resolver EDNS0 support %s.\n",
+ dns_use_edns0 ? "on" : "off");
+@@ -198,6 +211,10 @@ if (dns_use_edns0 >= 0)
+ debug_printf("Unable to %sset EDNS0 without resolver support.\n",
+ dns_use_edns0 ? "" : "un");
+ #endif
++
+#ifdef __NetBSD__
+__res_put_state(rs);
+#endif
}
-@@ -424,9 +440,15 @@ Returns: the return code
+@@ -442,9 +459,15 @@ Returns: the return code
static int
dns_return(uschar *name, int type, int rc)
{
@@ -61,7 +79,7 @@ $NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $
node->data.val = rc;
(void)tree_insertnode(&tree_dns_fails, node);
return rc;
-@@ -466,6 +488,12 @@ dns_basic_lookup(dns_answer *dnsa, uscha
+@@ -484,6 +507,12 @@ dns_basic_lookup(dns_answer *dnsa, uscha
int rc = -1;
uschar *save;
#endif
@@ -74,7 +92,7 @@ $NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $
tree_node *previous;
uschar node_name[290];
-@@ -476,7 +504,7 @@ have many addresses in the same domain.
+@@ -494,7 +523,7 @@ have many addresses in the same domain.
caching for successful lookups. */
sprintf(CS node_name, "%.255s-%s-%lx", name, dns_text_type(type),
diff --git a/mail/exim/patches/patch-ah b/mail/exim/patches/patch-ah
deleted file mode 100644
index 4c8c79e2385..00000000000
--- a/mail/exim/patches/patch-ah
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2011/05/07 14:32:02 drochner Exp $
-
-CVE-2011-1764
-
---- src/dkim.c.orig 2011-03-22 08:00:51.000000000 +0000
-+++ src/dkim.c
-@@ -108,7 +108,7 @@ void dkim_exim_verify_finish(void) {
- /* Log a line for each signature */
- uschar *logmsg = string_append(NULL, &size, &ptr, 5,
-
-- string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
-+ string_sprintf( "d=%s s=%s c=%s/%s a=%s ",
- sig->domain,
- sig->selector,
- (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
-@@ -176,7 +176,7 @@ void dkim_exim_verify_finish(void) {
- }
-
- logmsg[ptr] = '\0';
-- log_write(0, LOG_MAIN, (char *)logmsg);
-+ log_write(0, LOG_MAIN, "DKIM: %s", logmsg);
-
- /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
- dkim_signers = string_append(dkim_signers,
diff --git a/mail/exim/patches/patch-ba b/mail/exim/patches/patch-ba
deleted file mode 100644
index 92eb17b3c25..00000000000
--- a/mail/exim/patches/patch-ba
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ba,v 1.2 2011/03/22 13:52:19 adam Exp $
-
---- src/lookups/ldap.c.orig 2011-03-22 11:32:30.000000000 +0000
-+++ src/lookups/ldap.c
-@@ -481,7 +481,7 @@ if (lcp == NULL)
- {
- cert_option = LDAP_OPT_X_TLS_TRY;
- }
-- ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, cert_option);
-+ ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
- }
- #endif
-