author | adam <adam@pkgsrc.org> | 2011-05-09 13:30:47 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2011-05-09 13:30:47 +0000 |
commit | 5b6861ce0046c658d8e1d4b3c66a54c6931fd85f (patch) | |
tree | f1afde847f299aa17cd39babcc825e469687993b /mail/exim | |
parent | 6370a265e08059a735a0041e1044cfb352d00dd6 (diff) | |
Changes 4.76:
* The new ldap_require_cert option would segfault if used. Fixed.
* Harmonised TLS library version reporting; only show if debugging.
Layout now matches that introduced for other libraries in 4.74 PP/03.
* New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
* New "dns_use_edns0" global option.
* Don't segfault on misconfiguration of ref:name exim-user as uid.
* Extra paranoia around buffer usage at the STARTTLS transition.
nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
* Updated PolarSSL code to 0.14.2.
* Catch divide-by-zero in ${eval:...}.
* Condition negation of bool{}/bool_lax{} did not negate. Fixed.
* CVE-2011-1764 - DKIM log line was subject to a format-string attack --
SECURITY: remote arbitrary code execution.
* SECURITY - DKIM signature header parsing was double-expanded, second
time unintentionally subject to list matching rules, letting the header
cause arbitrary Exim lookups (of items which can occur in lists, *not*
arbitrary string expansion). This allowed for information disclosure.
* Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
INT_MIN/-1 -- value coerced to INT_MAX.
Diffstat (limited to 'mail/exim')
-rw-r--r-- | mail/exim/Makefile | 5 | ||||
-rw-r--r-- | mail/exim/distinfo | 14 | ||||
-rw-r--r-- | mail/exim/patches/patch-aa | 16 | ||||
-rw-r--r-- | mail/exim/patches/patch-ac | 30 | ||||
-rw-r--r-- | mail/exim/patches/patch-ah | 24 | ||||
-rw-r--r-- | mail/exim/patches/patch-ba | 13 |
6 files changed, 40 insertions, 62 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index c00a67a32ba..cfba26df38c 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.107 2011/05/07 14:32:02 drochner Exp $
+# $NetBSD: Makefile,v 1.108 2011/05/09 13:30:47 adam Exp $
 
-DISTNAME= exim-4.75
-PKGREVISION= 1
+DISTNAME= exim-4.76
 CATEGORIES= mail net
 MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \
 http://dl.ambiweb.de/mirrors/ftp.exim.org/exim/exim4/
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 9a95bd0874c..e6bb90915c9 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,12 +1,10 @@
-$NetBSD: distinfo,v 1.50 2011/05/07 14:32:02 drochner Exp $
+$NetBSD: distinfo,v 1.51 2011/05/09 13:30:47 adam Exp $
 
-SHA1 (exim-4.75.tar.bz2) = e3196a9035f433c380bb2cec4cbbcfd7ad6c00b3
-RMD160 (exim-4.75.tar.bz2) = 2dfea8750cc95d057c0b804c0379f69fbed927a9
-Size (exim-4.75.tar.bz2) = 1600867 bytes
-SHA1 (patch-aa) = 2ec7f3c7c6e18c7cc2388de00c1108b56c239ab8
+SHA1 (exim-4.76.tar.bz2) = b0df27b0407eef2d79e130597916cde18f2bbe30
+RMD160 (exim-4.76.tar.bz2) = b619e6e6674584c97ae0503911e95e1016407c34
+Size (exim-4.76.tar.bz2) = 1605832 bytes
+SHA1 (patch-aa) = 5b9b5f459151912b936bf91d393072b872d48d5c
 SHA1 (patch-ab) = ffb9fb28e4e5548777db31b3de34673a08a1c0fa
-SHA1 (patch-ac) = 9a260a07f5e8cc89c60188925f01fc5b46164a37
+SHA1 (patch-ac) = 84bb4c01868fc28b7b00bcd9aacab0dddf4c01c8
 SHA1 (patch-ae) = 4a9d2fde403cfd6386742b31f062e7801ef081b9
 SHA1 (patch-ag) = 8512795060ad913f4699c277867fd24e7a785519
-SHA1 (patch-ah) = 99eae6cf5a3d4b771db39934c3e468706f7497b9
-SHA1 (patch-ba) = 6647a95bb8e3bce2bc7f075e4be2217b3a97ce8b
diff --git a/mail/exim/patches/patch-aa b/mail/exim/patches/patch-aa
index edeb0c8058c..20d4ce8f1af 100644
--- a/mail/exim/patches/patch-aa
+++ b/mail/exim/patches/patch-aa
@@ -1,6 +1,6 @@ -$NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $ +$NetBSD: patch-aa,v 1.22 2011/05/09 13:30:47 adam Exp $ ---- Local/Makefile.pkgsrc.orig 2011-01-12 07:35:17.000000000 +0000 +--- Local/Makefile.pkgsrc.orig 2011-05-09 13:16:39.000000000 +0000 +++ Local/Makefile.pkgsrc @@ -100,7 +100,7 @@ # /usr/local/sbin. The installation script will try to create this directory, @@ -47,7 +47,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $ -@@ -332,7 +332,7 @@ PCRE_LIBS=-lpcre +@@ -357,7 +357,7 @@ PCRE_LIBS=-lpcre # files are defaulted in the OS/Makefile-Default file, but can be overridden in # local OS-specific make files. @@ -56,7 +56,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $ #------------------------------------------------------------------------------ -@@ -527,11 +527,11 @@ FIXED_NEVER_USERS=root +@@ -552,11 +552,11 @@ FIXED_NEVER_USERS=root # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. @@ -71,7 +71,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $ #------------------------------------------------------------------------------ -@@ -697,7 +697,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -722,7 +722,7 @@ HEADERS_CHARSET="ISO-8859-1" # %s. This will be replaced by one of the strings "main", "panic", or "reject" # to form the final file names. Some installations may want something like this: @@ -80,7 +80,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $ # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create -@@ -945,13 +945,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -970,13 +970,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases # haven't got Perl, Exim will still build and run; you just won't be able to # use those utilities. 
@@ -101,7 +101,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $ #------------------------------------------------------------------------------ -@@ -1145,7 +1145,7 @@ TMPDIR="/tmp" +@@ -1170,7 +1170,7 @@ TMPDIR="/tmp" # (process id) to a file so that it can easily be identified. The path of the # file can be specified here. Some installations may want something like this: @@ -110,7 +110,7 @@ $NetBSD: patch-aa,v 1.21 2011/01/12 07:52:44 adam Exp $ # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # using the name "exim-daemon.pid". -@@ -1197,3 +1197,10 @@ TMPDIR="/tmp" +@@ -1222,3 +1222,10 @@ TMPDIR="/tmp" # ENABLE_DISABLE_FSYNC=yes # End of EDITME for Exim 4. diff --git a/mail/exim/patches/patch-ac b/mail/exim/patches/patch-ac index 38e522a0938..3f4a036a1b7 100644 --- a/mail/exim/patches/patch-ac +++ b/mail/exim/patches/patch-ac @@ -1,8 +1,8 @@ -$NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $ +$NetBSD: patch-ac,v 1.15 2011/05/09 13:30:47 adam Exp $ ---- src/dns.c.orig 2009-11-16 19:50:36.000000000 +0000 +--- src/dns.c.orig 2011-05-09 08:36:25.000000000 +0000 +++ src/dns.c -@@ -168,18 +168,34 @@ Returns: nothing +@@ -168,26 +168,39 @@ Returns: nothing void dns_init(BOOL qualify_single, BOOL search_parents) { 
@@ -38,13 +38,31 @@ $NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $ -if (dns_retry > 0) _res.retry = dns_retry; +if (dns_retrans > 0) rs->retrans = dns_retrans; +if (dns_retry > 0) rs->retry = dns_retry; + + #ifdef RES_USE_EDNS0 + if (dns_use_edns0 >= 0) + { + if (dns_use_edns0) +- _res.options |= RES_USE_EDNS0; ++ rs->options |= RES_USE_EDNS0; + else +- _res.options &= ~RES_USE_EDNS0; ++ rs->options &= ~RES_USE_EDNS0; + DEBUG(D_resolver) + debug_printf("Coerced resolver EDNS0 support %s.\n", + dns_use_edns0 ? "on" : "off"); +@@ -198,6 +211,10 @@ if (dns_use_edns0 >= 0) + debug_printf("Unable to %sset EDNS0 without resolver support.\n", + dns_use_edns0 ? "" : "un"); + #endif ++ +#ifdef __NetBSD__ +__res_put_state(rs); +#endif } -@@ -424,9 +440,15 @@ Returns: the return code +@@ -442,9 +459,15 @@ Returns: the return code static int dns_return(uschar *name, int type, int rc) { @@ -61,7 +79,7 @@ $NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $ node->data.val = rc; (void)tree_insertnode(&tree_dns_fails, node); return rc; -@@ -466,6 +488,12 @@ dns_basic_lookup(dns_answer *dnsa, uscha +@@ -484,6 +507,12 @@ dns_basic_lookup(dns_answer *dnsa, uscha int rc = -1; uschar *save; #endif @@ -74,7 +92,7 @@ $NetBSD: patch-ac,v 1.14 2010/11/08 13:59:11 adam Exp $ tree_node *previous; uschar node_name[290]; -@@ -476,7 +504,7 @@ have many addresses in the same domain. +@@ -494,7 +523,7 @@ have many addresses in the same domain. caching for successful lookups. */ sprintf(CS node_name, "%.255s-%s-%lx", name, dns_text_type(type), diff --git a/mail/exim/patches/patch-ah b/mail/exim/patches/patch-ah deleted file mode 100644 index 4c8c79e2385..00000000000 --- a/mail/exim/patches/patch-ah +++ /dev/null 
@@ -1,24 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2011/05/07 14:32:02 drochner Exp $
-
-CVE-2011-1764
-
---- src/dkim.c.orig 2011-03-22 08:00:51.000000000 +0000
-+++ src/dkim.c
-@@ -108,7 +108,7 @@ void dkim_exim_verify_finish(void) {
- /* Log a line for each signature */
- uschar *logmsg = string_append(NULL, &size, &ptr, 5,
-
-- string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
-+ string_sprintf( "d=%s s=%s c=%s/%s a=%s ",
- sig->domain,
- sig->selector,
- (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
-@@ -176,7 +176,7 @@ void dkim_exim_verify_finish(void) {
- }
-
- logmsg[ptr] = '\0';
-- log_write(0, LOG_MAIN, (char *)logmsg);
-+ log_write(0, LOG_MAIN, "DKIM: %s", logmsg);
-
- /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
- dkim_signers = string_append(dkim_signers,
diff --git a/mail/exim/patches/patch-ba b/mail/exim/patches/patch-ba
deleted file mode 100644
index 92eb17b3c25..00000000000
--- a/mail/exim/patches/patch-ba
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ba,v 1.2 2011/03/22 13:52:19 adam Exp $
-
---- src/lookups/ldap.c.orig 2011-03-22 11:32:30.000000000 +0000
-+++ src/lookups/ldap.c
-@@ -481,7 +481,7 @@ if (lcp == NULL)
- {
- cert_option = LDAP_OPT_X_TLS_TRY;
- }
-- ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, cert_option);
-+ ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
- }
- #endif
-
|