diff options
author | Sergey Matveychuk <sem@FreeBSD.org> | 2005-01-30 15:27:36 +0000 |
---|---|---|
committer | Sergey Matveychuk <sem@FreeBSD.org> | 2005-01-30 15:27:36 +0000 |
commit | 9d9c62c276c71f2aaa4554d9682ae3134c5b8464 (patch) | |
tree | 1b9b70e9f6227a646462a1b7a32dcfa9adf2a63b /mail/exim | |
parent | c7397b2f5d39f9f4694f065b9ecbbad3b1e97c51 (diff) | |
download | ports-9d9c62c276c71f2aaa4554d9682ae3134c5b8464.tar.gz ports-9d9c62c276c71f2aaa4554d9682ae3134c5b8464.zip |
Notes
Diffstat (limited to 'mail/exim')
-rw-r--r-- | mail/exim/Makefile | 4 | ||||
-rw-r--r-- | mail/exim/distinfo | 8 | ||||
-rw-r--r-- | mail/exim/files/patch-securityfix | 123 |
3 files changed, 6 insertions, 129 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 2bd8ae7412e3..77a24f07640a 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -7,7 +7,7 @@ PORTNAME= exim PORTVERSION?= ${EXIM_VERSION}+${EXISCAN_VERSION} -PORTREVISION= 1 +PORTREVISION= CATEGORIES= mail MASTER_SITES= ${MASTER_SITE_EXIM:S/$/:exim/} MASTER_SITE_SUBDIR= exim4/:exim @@ -36,7 +36,7 @@ MASTER_SITE_SUBDIR+= sa-exim/:sa_exim DISTFILES+= sa-exim-${SA_EXIM_VERSION}.tar.gz:sa_exim .endif -EXIM_VERSION= 4.43 +EXIM_VERSION= 4.44 EXISCAN_VERSION=28 SA_EXIM_VERSION=4.1 diff --git a/mail/exim/distinfo b/mail/exim/distinfo index 50797da93f87..7d4b662cad2f 100644 --- a/mail/exim/distinfo +++ b/mail/exim/distinfo @@ -1,7 +1,7 @@ -MD5 (exim/exim-4.43.tar.bz2) = f8f646d4920660cb5579becd9265a3bf -SIZE (exim/exim-4.43.tar.bz2) = 1388183 +MD5 (exim/exim-4.44.tar.bz2) = 7487274e013b598d97445987d38b2071 +SIZE (exim/exim-4.44.tar.bz2) = 1364290 MD5 (exim/sa-exim-4.1.tar.gz) = e2ab67741daa08f7df5bc2152bc4aef5 SIZE (exim/sa-exim-4.1.tar.gz) = 59441 -MD5 (exim/exiscan-acl-4.43-28.patch.bz2) = b2c629ee8f7edf7c0641e3cff4a602f6 -SIZE (exim/exiscan-acl-4.43-28.patch.bz2) = 83405 +MD5 (exim/exiscan-acl-4.44-28.patch.bz2) = 72ef5567106e89e6cef1cc742ab52525 +SIZE (exim/exiscan-acl-4.44-28.patch.bz2) = 83434 MD5 (exim/FAQ.txt.bz2) = IGNORE diff --git a/mail/exim/files/patch-securityfix b/mail/exim/files/patch-securityfix deleted file mode 100644 index 1bd5fa9c1a0c..000000000000 --- a/mail/exim/files/patch-securityfix +++ /dev/null @@ -1,123 +0,0 @@ ---- src/lookups/dnsdb.c.orig Wed Jan 5 03:56:48 2005 -+++ src/lookups/dnsdb.c Wed Jan 5 03:57:53 2005 -@@ -125,7 +125,7 @@ - /* If the type is PTR, we have to construct the relevant magic lookup - key. This code is now in a separate function. */ - --if (type == T_PTR) -+if (type == T_PTR && string_is_ip_address(keystring, NULL)) - { - dns_build_reverse(keystring, buffer); - keystring = buffer; ---- src/host.c.orig Wed Jan 5 03:56:59 2005 -+++ src/host.c Wed Jan 5 03:57:53 2005 -@@ -710,12 +710,18 @@ - - if (*p == ':') p++; - -- /* Split the address into components separated by colons. */ -+ /* Split the address into components separated by colons. The input address -+ is supposed to be checked for syntax. There was a case where this was -+ overlooked; to guard against that happening again, check here and crash if -+ there is a violation. */ - - while (*p != 0) - { - int len = Ustrcspn(p, ":"); - if (len == 0) nulloffset = ci; -+ if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE, -+ "Internal error: invalid IPv6 address \"%s\" passed to host_aton()", -+ address); - component[ci++] = p; - p += len; - if (*p == ':') p++; ---- src/auths/auth-spa.c.orig Wed Jan 5 03:57:15 2005 -+++ src/auths/auth-spa.c Wed Jan 5 03:57:53 2005 -@@ -404,8 +404,11 @@ - *out = '\0'; - } - -+ -+/* The outlength parameter was added by PH, December 2004 */ -+ - int --spa_base64_to_bits (char *out, const char *in) -+spa_base64_to_bits (char *out, int outlength, const char *in) - /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ - { - int len = 0; -@@ -418,6 +421,8 @@ - - do - { -+ if (len >= outlength) /* Added by PH */ -+ return (-1); /* Added by PH */ - digit1 = in[0]; - if (DECODE64 (digit1) == BAD) - return (-1); -@@ -435,11 +440,15 @@ - ++len; - if (digit3 != '=') - { -+ if (len >= outlength) /* Added by PH */ -+ return (-1); /* Added by PH */ - *out++ = - ((DECODE64 (digit2) << 4) & 0xf0) | (DECODE64 (digit3) >> 2); - ++len; - if (digit4 != '=') - { -+ if (len >= outlength) /* Added by PH */ -+ return (-1); /* Added by PH */ - *out++ = ((DECODE64 (digit3) << 6) & 0xc0) | DECODE64 (digit4); - ++len; - } ---- src/auths/auth-spa.h.orig Wed Jan 5 03:57:27 2005 -+++ src/auths/auth-spa.h Wed Jan 5 03:57:53 2005 -@@ -9,6 +9,9 @@ - * All the code used here was torn by Marc Prud'hommeaux out of the - * Samba project (by Andrew Tridgell, Jeremy Allison, and others). - */ -+ -+/* December 2004: The spa_base64_to_bits() function has no length checking in -+it. I have added a check. PH */ - - /* It seems that some systems have existing but different definitions of some - of the following types. I received a complaint about "int16" causing -@@ -75,7 +78,7 @@ - #define spa_request_length(ptr) (((ptr)->buffer - (uint8x*)(ptr)) + (ptr)->bufIndex) - - void spa_bits_to_base64 (unsigned char *, const unsigned char *, int); --int spa_base64_to_bits(char *, const char *); -+int spa_base64_to_bits(char *, int, const char *); - void spa_build_auth_response (SPAAuthChallenge *challenge, - SPAAuthResponse *response, char *user, char *password); - void spa_build_auth_request (SPAAuthRequest *request, char *user, ---- src/auths/spa.c.orig Wed Jan 5 03:57:38 2005 -+++ src/auths/spa.c Wed Jan 5 03:57:53 2005 -@@ -133,7 +133,7 @@ - return FAIL; - } - --if (spa_base64_to_bits((char *)(&request), (const char *)(data)) < 0) -+if (spa_base64_to_bits((char *)(&request), sizeof(request), (const char *)(data)) < 0) - { - DEBUG(D_auth) debug_printf("auth_spa_server(): bad base64 data in " - "request: %s\n", data); -@@ -153,7 +153,7 @@ - } - - /* dump client response */ --if (spa_base64_to_bits((char *)(&response), (const char *)(data)) < 0) -+if (spa_base64_to_bits((char *)(&response), sizeof(response), (const char *)(data)) < 0) - { - DEBUG(D_auth) debug_printf("auth_spa_server(): bad base64 data in " - "response: %s\n", data); -@@ -319,7 +319,7 @@ - /* convert the challenge into the challenge struct */ - DSPA("\n\n%s authenticator: challenge (%s)\n\n", - ablock->name, buffer + 4); -- spa_base64_to_bits ((char *)(&challenge), (const char *)(buffer + 4)); -+ spa_base64_to_bits ((char *)(&challenge), sizeof(challenge), (const char *)(buffer + 4)); - - spa_build_auth_response (&challenge, &response, - CS username, CS password); |