mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-08-09 15:27:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

community/exim: security upgrade to 4.98

Browse Source
This commit is contained in:
J0WI 2024-07-11 00:30:28 +02:00 committed by Celeste
parent 64de3d0e92
commit ba3cbfcacb
2 changed files with 4 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
community/exim/APKBUILD
View File

@ -5,7 +5,7 @@
# Contributor: Jesse Young <jlyo@jlyo.org> # Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Celeste <cielesti@protonmail.com> # Maintainer: Celeste <cielesti@protonmail.com>
pkgname=exim pkgname=exim
pkgver=4.97.1 pkgver=4.98
pkgrel=0 pkgrel=0
pkgdesc="Message Transfer Agent" pkgdesc="Message Transfer Agent"
url="https://www.exim.org/" url="https://www.exim.org/"
@ -26,7 +26,6 @@ subpackages="$pkgname-cdb $pkgname-dbmdb $pkgname-dnsdb $pkgname-doc
" "
source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz
bounce-charset.patch bounce-charset.patch
dnsdb-multi-chunk.patch
exim.Makefile exim.Makefile
exim.confd exim.confd
exim.initd exim.initd
@ -35,6 +34,8 @@ source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz
" "
# secfixes: # secfixes:
# 4.98-r0:
# - CVE-2024-39929
# 4.97.1-r0: # 4.97.1-r0:
# - CVE-2023-51766 # - CVE-2023-51766
# 4.96.2-r0: # 4.96.2-r0:
@ -159,9 +160,8 @@ dbmdb() { _mv_ext dbmdb; }
dnsdb() { _mv_ext dnsdb; } dnsdb() { _mv_ext dnsdb; }
sha512sums=" sha512sums="
eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc exim-4.97.1.tar.xz 13dd963dd0899bb4d64bee44c20883e720e469a4d77456b877d6693cfc4419805a045cb561508cdf763dbb37cc84fbdc6177d68acc2183934c3224fbd03caf15 exim-4.98.tar.xz
6ea7670e30815807272d1d9033e75836b883cb2f14f05f0d38aa3f8aecd2516c0763a29f71267b6380f9e606156c889a5c77d444545769af68baaffb80d0dac7 bounce-charset.patch 6ea7670e30815807272d1d9033e75836b883cb2f14f05f0d38aa3f8aecd2516c0763a29f71267b6380f9e606156c889a5c77d444545769af68baaffb80d0dac7 bounce-charset.patch
0599b5140495a563da1e5368045ad9a6fe496c8b519591359f9915bc9d036183ae83584d5e62dd5bd95d6e5554c93483b7968fee8536068b36fd93c4f32dfa25 dnsdb-multi-chunk.patch
198224ca544c2780c5d8106bb74304d871dcfde7d90707291d7e478b8950efe33488accfd896cb86b1a5b4f32ae6040ac0c44907f1b0843ef64037bea55f5e66 exim.Makefile 198224ca544c2780c5d8106bb74304d871dcfde7d90707291d7e478b8950efe33488accfd896cb86b1a5b4f32ae6040ac0c44907f1b0843ef64037bea55f5e66 exim.Makefile
bb6f5ead067af19ace661cc92bcd428da97570aedd1f9dc5b61a34e7e3fb3e028be6c96d51df73353bdfcaf69a3ee053fb03d245f868d63ebf518aa96ec82d66 exim.confd bb6f5ead067af19ace661cc92bcd428da97570aedd1f9dc5b61a34e7e3fb3e028be6c96d51df73353bdfcaf69a3ee053fb03d245f868d63ebf518aa96ec82d66 exim.confd
3769e74a54566362bcdf57c45fbf7d130d7a7529fbc40befce431eef0387df117c71a5b57779c507e30d5b125913b5f26c9d16b17995521a1d94997be6dc3e02 exim.initd 3769e74a54566362bcdf57c45fbf7d130d7a7529fbc40befce431eef0387df117c71a5b57779c507e30d5b125913b5f26c9d16b17995521a1d94997be6dc3e02 exim.initd

71
community/exim/dnsdb-multi-chunk.patch
View File

@ -1,71 +0,0 @@
Adapted from https://git.exim.org/exim.git/patch/79670d3c32ccb37fe06f25d8192943b58606a32a
Reference: https://bugs.exim.org/show_bug.cgi?id=3054
--
From 79670d3c32ccb37fe06f25d8192943b58606a32a Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 17 Nov 2023 16:55:17 +0000
Subject: [PATCH] Lookups: Fix dnsdb lookup of multi-chunk TXT. Bug 3054
Broken=by: f6b1f8e7d642
--- a/src/lookups/dnsdb.c
+++ b/src/lookups/dnsdb.c
@@ -387,38 +387,31 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0)))
}
/* Other kinds of record just have one piece of data each, but there may be
- several of them, of course. */
+ several of them, of course. TXT & SPF can have data in multiple chunks. */
if (yield->ptr) yield = string_catn(yield, outsep, 1);
if (type == T_TXT || type == T_SPF)
- {
- if (!outsep2) /* output only the first item of data */
+ for (unsigned data_offset = 0; data_offset + 1 < rr->size; )
{
- uschar n = (rr->data)[0];
- /* size byte + data bytes must not excced the RRs length */
- if (n + 1 <= rr->size)
- yield = string_catn(yield, US (rr->data+1), n);
+ uschar chunk_len = (rr->data)[data_offset];
+ int remain;
+
+ if (outsep2 && *outsep2 && data_offset != 0)
+ yield = string_catn(yield, outsep2, 1);
+
+ /* Apparently there are resolvers that do not check RRs before passing
+ them on, and glibc fails to do so. So every application must...
+ Check for chunk len exceeding RR */
+
+ remain = rr->size - ++data_offset;
+ if (chunk_len > remain)
+ chunk_len = remain;
+ yield = string_catn(yield, US ((rr->data) + data_offset), chunk_len);
+ data_offset += chunk_len;
+
+ if (!outsep2) break; /* output only the first chunk of the RR */
}
- else
- for (unsigned data_offset = 0; data_offset < rr->size; )
- {
- uschar chunk_len = (rr->data)[data_offset];
- int remain = rr->size - data_offset;
-
- /* Apparently there are resolvers that do not check RRs before passing
- them on, and glibc fails to do so. So every application must...
- Check for chunk len exceeding RR */
-
- if (chunk_len > remain)
- chunk_len = remain;
-
- if (*outsep2 && data_offset != 0)
- yield = string_catn(yield, outsep2, 1);
- yield = string_catn(yield, US ((rr->data) + ++data_offset), --chunk_len);
- data_offset += chunk_len;
- }
- }
else if (type == T_TLSA)
if (rr->size < 3)
continue;