diff options
| author | maya <maya@pkgsrc.org> | 2018-03-08 15:14:54 +0000 |
|---|---|---|
| committer | maya <maya@pkgsrc.org> | 2018-03-08 15:14:54 +0000 |
| commit | c5d66199db38bc8056d7759e59a5a6b94b7caea0 (patch) | |
| tree | 96de139e0a787c81366409374f50bc3bbe52e65e /mail | |
| parent | 9f2f3d47e72ed2886ae0ce0e1f877bf0740953ad (diff) | |
| download | pkgsrc-c5d66199db38bc8056d7759e59a5a6b94b7caea0.tar.gz | |
exim3: attempt to patch CVE-2018-6789
I'm not an exim user, so this might not work, but the file hasn't
changed very much between exim4 and exim3.
PKGREVISION++
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/exim3/Makefile | 4 | ||||
| -rw-r--r-- | mail/exim3/distinfo | 3 | ||||
| -rw-r--r-- | mail/exim3/patches/patch-src_auths_b64decode.c | 22 |
3 files changed, 26 insertions, 3 deletions
diff --git a/mail/exim3/Makefile b/mail/exim3/Makefile index 7c202c049ab..8cbcded2edd 100644 --- a/mail/exim3/Makefile +++ b/mail/exim3/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.50 2017/01/19 18:52:16 agc Exp $ +# $NetBSD: Makefile,v 1.51 2018/03/08 15:14:54 maya Exp $ DISTNAME= exim-3.36 -PKGREVISION= 17 +PKGREVISION= 18 CATEGORIES= mail net MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim3/ MASTER_SITES+= http://public.planetmirror.com.au/pub/exim/exim3/ diff --git a/mail/exim3/distinfo b/mail/exim3/distinfo index 42f2539264b..4d192e62e84 100644 --- a/mail/exim3/distinfo +++ b/mail/exim3/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.10 2015/11/03 23:27:05 agc Exp $ +$NetBSD: distinfo,v 1.11 2018/03/08 15:14:54 maya Exp $ SHA1 (exim-3.36.tar.bz2) = 2a06a2858ebf8cdedf2e41fa3f258b5e468e270d RMD160 (exim-3.36.tar.bz2) = 2654601eaf54fc15c1ebeabfee53c828f2fd22dd @@ -20,3 +20,4 @@ SHA1 (patch-am) = 26f66062bb133340ed2b336008673a78bd017e9e SHA1 (patch-an) = 7d40d720613b88772bb69993ffbfc754c9310acb SHA1 (patch-ao) = b96e99cf56f205a7273759a2f090c1eed188cc36 SHA1 (patch-ap) = bba7a0412976e7c022a48ed47207e9d9b42f073f +SHA1 (patch-src_auths_b64decode.c) = 88b05f32655806580a179ea151644d2ebdb34803 diff --git a/mail/exim3/patches/patch-src_auths_b64decode.c b/mail/exim3/patches/patch-src_auths_b64decode.c new file mode 100644 index 00000000000..a31a2263401 --- /dev/null +++ b/mail/exim3/patches/patch-src_auths_b64decode.c @@ -0,0 +1,22 @@ +$NetBSD: patch-src_auths_b64decode.c,v 1.1 2018/03/08 15:14:54 maya Exp $ + +CVE-2018-6789 off by one +From https://github.com/Exim/exim/commit/062990cc1b2f9e5d82a413b53c8f0569075de700 + +--- src/auths/b64decode.c.orig 2002-04-04 12:56:16.000000000 +0000 ++++ src/auths/b64decode.c +@@ -43,9 +43,12 @@ int + auth_b64decode(char *code, char **ptr) + { + register int x, y; +-char *result = store_get(3*((int)strlen(code)/4) + 1); ++char *result; + +-*ptr = result; ++{ ++ int l = strlen(code); ++ *ptr = result = store_get(1 + l/4 * 3 + l%4); ++} + + /* Each cycle of the loop handles a quantum of 4 input bytes. For the last + quantum this may decode to 1, 2, or 3 output bytes. */ |