diff --git a/community/exim/APKBUILD b/community/exim/APKBUILD index 7ac89654fd6..93cab639bc0 100644 --- a/community/exim/APKBUILD +++ b/community/exim/APKBUILD @@ -5,7 +5,7 @@ # Contributor: Jesse Young # Maintainer: Celeste pkgname=exim -pkgver=4.97.1 +pkgver=4.98 pkgrel=0 pkgdesc="Message Transfer Agent" url="https://www.exim.org/" @@ -26,7 +26,6 @@ subpackages="$pkgname-cdb $pkgname-dbmdb $pkgname-dnsdb $pkgname-doc " source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz bounce-charset.patch - dnsdb-multi-chunk.patch exim.Makefile exim.confd exim.initd @@ -35,6 +34,8 @@ source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz " # secfixes: +# 4.98-r0: +# - CVE-2024-39929 # 4.97.1-r0: # - CVE-2023-51766 # 4.96.2-r0: @@ -159,9 +160,8 @@ dbmdb() { _mv_ext dbmdb; } dnsdb() { _mv_ext dnsdb; } sha512sums=" -eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc exim-4.97.1.tar.xz +13dd963dd0899bb4d64bee44c20883e720e469a4d77456b877d6693cfc4419805a045cb561508cdf763dbb37cc84fbdc6177d68acc2183934c3224fbd03caf15 exim-4.98.tar.xz 6ea7670e30815807272d1d9033e75836b883cb2f14f05f0d38aa3f8aecd2516c0763a29f71267b6380f9e606156c889a5c77d444545769af68baaffb80d0dac7 bounce-charset.patch -0599b5140495a563da1e5368045ad9a6fe496c8b519591359f9915bc9d036183ae83584d5e62dd5bd95d6e5554c93483b7968fee8536068b36fd93c4f32dfa25 dnsdb-multi-chunk.patch 198224ca544c2780c5d8106bb74304d871dcfde7d90707291d7e478b8950efe33488accfd896cb86b1a5b4f32ae6040ac0c44907f1b0843ef64037bea55f5e66 exim.Makefile bb6f5ead067af19ace661cc92bcd428da97570aedd1f9dc5b61a34e7e3fb3e028be6c96d51df73353bdfcaf69a3ee053fb03d245f868d63ebf518aa96ec82d66 exim.confd 3769e74a54566362bcdf57c45fbf7d130d7a7529fbc40befce431eef0387df117c71a5b57779c507e30d5b125913b5f26c9d16b17995521a1d94997be6dc3e02 exim.initd diff --git a/community/exim/dnsdb-multi-chunk.patch b/community/exim/dnsdb-multi-chunk.patch deleted file mode 100644 index 9b65a658551..00000000000 --- a/community/exim/dnsdb-multi-chunk.patch +++ /dev/null @@ -1,71 +0,0 @@ -Adapted from https://git.exim.org/exim.git/patch/79670d3c32ccb37fe06f25d8192943b58606a32a - -Reference: https://bugs.exim.org/show_bug.cgi?id=3054 --- -From 79670d3c32ccb37fe06f25d8192943b58606a32a Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Fri, 17 Nov 2023 16:55:17 +0000 -Subject: [PATCH] Lookups: Fix dnsdb lookup of multi-chunk TXT. Bug 3054 - -Broken=by: f6b1f8e7d642 - ---- a/src/lookups/dnsdb.c -+++ b/src/lookups/dnsdb.c -@@ -387,38 +387,31 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) - } - - /* Other kinds of record just have one piece of data each, but there may be -- several of them, of course. */ -+ several of them, of course. TXT & SPF can have data in multiple chunks. */ - - if (yield->ptr) yield = string_catn(yield, outsep, 1); - - if (type == T_TXT || type == T_SPF) -- { -- if (!outsep2) /* output only the first item of data */ -+ for (unsigned data_offset = 0; data_offset + 1 < rr->size; ) - { -- uschar n = (rr->data)[0]; -- /* size byte + data bytes must not excced the RRs length */ -- if (n + 1 <= rr->size) -- yield = string_catn(yield, US (rr->data+1), n); -+ uschar chunk_len = (rr->data)[data_offset]; -+ int remain; -+ -+ if (outsep2 && *outsep2 && data_offset != 0) -+ yield = string_catn(yield, outsep2, 1); -+ -+ /* Apparently there are resolvers that do not check RRs before passing -+ them on, and glibc fails to do so. So every application must... -+ Check for chunk len exceeding RR */ -+ -+ remain = rr->size - ++data_offset; -+ if (chunk_len > remain) -+ chunk_len = remain; -+ yield = string_catn(yield, US ((rr->data) + data_offset), chunk_len); -+ data_offset += chunk_len; -+ -+ if (!outsep2) break; /* output only the first chunk of the RR */ - } -- else -- for (unsigned data_offset = 0; data_offset < rr->size; ) -- { -- uschar chunk_len = (rr->data)[data_offset]; -- int remain = rr->size - data_offset; -- -- /* Apparently there are resolvers that do not check RRs before passing -- them on, and glibc fails to do so. So every application must... -- Check for chunk len exceeding RR */ -- -- if (chunk_len > remain) -- chunk_len = remain; -- -- if (*outsep2 && data_offset != 0) -- yield = string_catn(yield, outsep2, 1); -- yield = string_catn(yield, US ((rr->data) + ++data_offset), --chunk_len); -- data_offset += chunk_len; -- } -- } - else if (type == T_TLSA) - if (rr->size < 3) - continue;