mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-08-07 06:17:14 +02:00
community/exim: security upgrade to 4.98
This commit is contained in:
J0WI
Celeste
parent
64de3d0e92
commit
ba3cbfcacb
@ -5,7 +5,7 @@
|
||||
# Contributor: Jesse Young <jlyo@jlyo.org>
|
||||
# Maintainer: Celeste <cielesti@protonmail.com>
|
||||
pkgname=exim
|
||||
pkgver=4.97.1
|
||||
pkgver=4.98
|
||||
pkgrel=0
|
||||
pkgdesc="Message Transfer Agent"
|
||||
url="https://www.exim.org/"
|
||||
@ -26,7 +26,6 @@ subpackages="$pkgname-cdb $pkgname-dbmdb $pkgname-dnsdb $pkgname-doc
|
||||
"
|
||||
source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz
|
||||
bounce-charset.patch
|
||||
dnsdb-multi-chunk.patch
|
||||
exim.Makefile
|
||||
exim.confd
|
||||
exim.initd
|
||||
@ -35,6 +34,8 @@ source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 4.98-r0:
|
||||
# - CVE-2024-39929
|
||||
# 4.97.1-r0:
|
||||
# - CVE-2023-51766
|
||||
# 4.96.2-r0:
|
||||
@ -159,9 +160,8 @@ dbmdb() { _mv_ext dbmdb; }
|
||||
dnsdb() { _mv_ext dnsdb; }
|
||||
|
||||
sha512sums="
|
||||
eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc exim-4.97.1.tar.xz
|
||||
13dd963dd0899bb4d64bee44c20883e720e469a4d77456b877d6693cfc4419805a045cb561508cdf763dbb37cc84fbdc6177d68acc2183934c3224fbd03caf15 exim-4.98.tar.xz
|
||||
6ea7670e30815807272d1d9033e75836b883cb2f14f05f0d38aa3f8aecd2516c0763a29f71267b6380f9e606156c889a5c77d444545769af68baaffb80d0dac7 bounce-charset.patch
|
||||
0599b5140495a563da1e5368045ad9a6fe496c8b519591359f9915bc9d036183ae83584d5e62dd5bd95d6e5554c93483b7968fee8536068b36fd93c4f32dfa25 dnsdb-multi-chunk.patch
|
||||
198224ca544c2780c5d8106bb74304d871dcfde7d90707291d7e478b8950efe33488accfd896cb86b1a5b4f32ae6040ac0c44907f1b0843ef64037bea55f5e66 exim.Makefile
|
||||
bb6f5ead067af19ace661cc92bcd428da97570aedd1f9dc5b61a34e7e3fb3e028be6c96d51df73353bdfcaf69a3ee053fb03d245f868d63ebf518aa96ec82d66 exim.confd
|
||||
3769e74a54566362bcdf57c45fbf7d130d7a7529fbc40befce431eef0387df117c71a5b57779c507e30d5b125913b5f26c9d16b17995521a1d94997be6dc3e02 exim.initd
|
||||
|
||||
@ -1,71 +0,0 @@
|
||||
Adapted from https://git.exim.org/exim.git/patch/79670d3c32ccb37fe06f25d8192943b58606a32a
|
||||
|
||||
Reference: https://bugs.exim.org/show_bug.cgi?id=3054
|
||||
--
|
||||
From 79670d3c32ccb37fe06f25d8192943b58606a32a Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Harris <jgh146exb@wizmail.org>
|
||||
Date: Fri, 17 Nov 2023 16:55:17 +0000
|
||||
Subject: [PATCH] Lookups: Fix dnsdb lookup of multi-chunk TXT. Bug 3054
|
||||
|
||||
Broken=by: f6b1f8e7d642
|
||||
|
||||
--- a/src/lookups/dnsdb.c
|
||||
+++ b/src/lookups/dnsdb.c
|
||||
@@ -387,38 +387,31 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0)))
|
||||
}
|
||||
|
||||
/* Other kinds of record just have one piece of data each, but there may be
|
||||
- several of them, of course. */
|
||||
+ several of them, of course. TXT & SPF can have data in multiple chunks. */
|
||||
|
||||
if (yield->ptr) yield = string_catn(yield, outsep, 1);
|
||||
|
||||
if (type == T_TXT || type == T_SPF)
|
||||
- {
|
||||
- if (!outsep2) /* output only the first item of data */
|
||||
+ for (unsigned data_offset = 0; data_offset + 1 < rr->size; )
|
||||
{
|
||||
- uschar n = (rr->data)[0];
|
||||
- /* size byte + data bytes must not excced the RRs length */
|
||||
- if (n + 1 <= rr->size)
|
||||
- yield = string_catn(yield, US (rr->data+1), n);
|
||||
+ uschar chunk_len = (rr->data)[data_offset];
|
||||
+ int remain;
|
||||
+
|
||||
+ if (outsep2 && *outsep2 && data_offset != 0)
|
||||
+ yield = string_catn(yield, outsep2, 1);
|
||||
+
|
||||
+ /* Apparently there are resolvers that do not check RRs before passing
|
||||
+ them on, and glibc fails to do so. So every application must...
|
||||
+ Check for chunk len exceeding RR */
|
||||
+
|
||||
+ remain = rr->size - ++data_offset;
|
||||
+ if (chunk_len > remain)
|
||||
+ chunk_len = remain;
|
||||
+ yield = string_catn(yield, US ((rr->data) + data_offset), chunk_len);
|
||||
+ data_offset += chunk_len;
|
||||
+
|
||||
+ if (!outsep2) break; /* output only the first chunk of the RR */
|
||||
}
|
||||
- else
|
||||
- for (unsigned data_offset = 0; data_offset < rr->size; )
|
||||
- {
|
||||
- uschar chunk_len = (rr->data)[data_offset];
|
||||
- int remain = rr->size - data_offset;
|
||||
-
|
||||
- /* Apparently there are resolvers that do not check RRs before passing
|
||||
- them on, and glibc fails to do so. So every application must...
|
||||
- Check for chunk len exceeding RR */
|
||||
-
|
||||
- if (chunk_len > remain)
|
||||
- chunk_len = remain;
|
||||
-
|
||||
- if (*outsep2 && data_offset != 0)
|
||||
- yield = string_catn(yield, outsep2, 1);
|
||||
- yield = string_catn(yield, US ((rr->data) + ++data_offset), --chunk_len);
|
||||
- data_offset += chunk_len;
|
||||
- }
|
||||
- }
|
||||
else if (type == T_TLSA)
|
||||
if (rr->size < 3)
|
||||
continue;
|
||||
Loading…
Reference in New Issue
Block a user