cvs commit: ports/mail/exim Makefile distinfo ports/mail/exim/files patch-exiqgrep.src

Eygene Ryabinkin rea at FreeBSD.org
Wed May 11 11:30:18 UTC 2011 

rea         2011-05-11 11:30:17 UTC

  FreeBSD ports repository

  Modified files:
    mail/exim            Makefile distinfo 
  Added files:
    mail/exim/files      patch-exiqgrep.src 
  Log:
  mail/exim: upgrade to 4.76
  
  4.76 is the security release that fixes CVE-2011-1764, format string
  attack and information leak, both inside the DKIM code.
  
  List of changes (ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.76):
  
  PP/01 The new ldap_require_cert option would segfault if used.  Fixed.
  
  PP/02 Harmonised TLS library version reporting; only show if
        debugging.  Layout now matches that introduced for other
        libraries in 4.74 PP/03.
  
  PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
  
  PP/04 New "dns_use_edns0" global option.
  
  PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
        Bugzilla 1098.
  
  PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
        nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
  
  TK/01 Updated PolarSSL code to 0.14.2.
        Bugzilla 1097. Patch from Andreas Metzler.
  
  PP/07 Catch divide-by-zero in ${eval:...}.
        Fixes bugzilla 1102.
  
  PP/08 Condition negation of bool{}/bool_lax{} did not negate.  Fixed.
        Bugzilla 1104.
  
  TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
        format-string attack -- SECURITY: remote arbitrary code execution.
  
  TK/03 SECURITY - DKIM signature header parsing was double-expanded,
        second time unintentionally subject to list matching rules,
        letting the header cause arbitrary Exim lookups (of items which can
        occur in lists, *not* arbitrary string expansion). This allowed for
        information disclosure.
  
  PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related
        to INT_MIN/-1 -- value coerced to INT_MAX.
  
  New stuff (ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.76):
  
   1. The global option "dns_use_edns0" may be set to coerce EDNS0 usage
      on or off in the resolver library.
  
  And I am also adding patch for exiqgrep that was taken from
    http://bugs.exim.org/show_bug.cgi?id=1103 [1].
  
  PR: ports/156903 [2], ports/156872 [3]
  Reported-by: Oliver Brandmueller <ob at e-gitt.net> [1], admin at anes.su [2], Alexander Wittig <alexander at wittig.name> [3]
  Approved-by: erwin (mentor)
  Feature-safe: yes
  
  Revision  Changes    Path
  1.259     +1 -1      ports/mail/exim/Makefile
  1.104     +2 -2      ports/mail/exim/distinfo
  1.1       +15 -0     ports/mail/exim/files/patch-exiqgrep.src (new)

More information about the cvs-all mailing list