From c241cb12bb292e894e45f063f1a8ddb8a627371d Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Mon, 10 May 2021 03:17:25 +0100 Subject: [PATCH] exim: update to version 4.94.2 Several exploitable vulnerabilities in Exim were reported to us and are fixed. Local vulnerabilities - CVE-2020-28007: Link attack in Exim's log directory - CVE-2020-28008: Assorted attacks in Exim's spool directory - CVE-2020-28014: Arbitrary PID file creation - CVE-2020-28011: Heap buffer overflow in queue_run() - CVE-2020-28010: Heap out-of-bounds write in main() - CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() - CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() - CVE-2020-28015: New-line injection into spool header file (local) - CVE-2020-28012: Missing close-on-exec flag for privileged pipe - CVE-2020-28009: Integer overflow in get_stdinput() Remote vulnerabilities - CVE-2020-28017: Integer overflow in receive_add_recipient() - CVE-2020-28020: Integer overflow in receive_msg() - CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() - CVE-2020-28021: New-line injection into spool header file (remote) - CVE-2020-28022: Heap out-of-bounds read and write in extract_option() - CVE-2020-28026: Line truncation and injection in spool_read_header() - CVE-2020-28019: Failure to reset function pointer after BDAT error - CVE-2020-28024: Heap buffer underflow in smtp_ungetc() - CVE-2020-28018: Use-after-free in tls-openssl.c - CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() The update to 4.94.2 also integrates a fix for a printf format issue previously addressed by a local patch which is removed. Signed-off-by: Daniel Golle --- mail/exim/Makefile | 6 ++--- ...use-correct-printf-format-for-size-t.patch | 22 ------------------- .../exim/patches/030-openssl-deprecated.patch | 4 ++-- 3 files changed, 5 insertions(+), 27 deletions(-) delete mode 100644 mail/exim/patches/020-use-correct-printf-format-for-size-t.patch diff --git a/mail/exim/Makefile b/mail/exim/Makefile index c66d7d5c9f..013d8a1401 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=exim -PKG_VERSION:=4.94 -PKG_RELEASE:=2 +PKG_VERSION:=4.94.2 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/ -PKG_HASH:=f77ee8faf04f5db793243c3ae81c1f4e452cd6ad7dd515a80edf755c4b144bdb +PKG_HASH:=051861fc89f06205162f12129fb7ebfe473383bb6194bf8642952bfd50329274 PKG_MAINTAINER:=Daniel Golle PKG_LICENSE:=GPL-2.0-or-later diff --git a/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch b/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch deleted file mode 100644 index 6dc3c1bf78..0000000000 --- a/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Daniel Golle -Date: Sun, 27 Dec 2020 15:03:22 +0000 -Subject: [PATCH] use correct printf format for size_t - -pdkim.c: In function 'check_bare_ed25519_pubkey': -pdkim.c:1355:60: warning: format '%lu' expects argument of type 'long unsigned int', but argument 2 has type 'size_t' {aka 'unsigned int'} [-Wformat=] - DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len); - ~~^ ~~~~~~~~~~ - %u -Signed-off-by: Daniel Golle ---- ---- a/src/pdkim/pdkim.c -+++ b/src/pdkim/pdkim.c -@@ -1352,7 +1352,7 @@ check_bare_ed25519_pubkey(pdkim_pubkey * - int excess = p->key.len - 32; - if (excess > 0) - { -- DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len); -+ DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %zu\n", p->key.len); - p->key.data += excess; p->key.len = 32; - } - } diff --git a/mail/exim/patches/030-openssl-deprecated.patch b/mail/exim/patches/030-openssl-deprecated.patch index 38d2b0dd0e..e890af2db1 100644 --- a/mail/exim/patches/030-openssl-deprecated.patch +++ b/mail/exim/patches/030-openssl-deprecated.patch @@ -45,7 +45,7 @@ X509_set_pubkey(x509, pkey); name = X509_get_subject_name(x509); -@@ -3900,8 +3903,8 @@ fprintf(f, "Library version: OpenSSL: Co +@@ -3897,8 +3900,8 @@ fprintf(f, "Library version: OpenSSL: Co " Runtime: %s\n" " : %s\n", OPENSSL_VERSION_TEXT, @@ -56,7 +56,7 @@ /* third line is 38 characters for the %s and the line is 73 chars long; the OpenSSL output includes a "built on: " prefix already. */ } -@@ -3943,8 +3946,6 @@ if (pidnow != pidlast) +@@ -3940,8 +3943,6 @@ if (pidnow != pidlast) is unique for each thread", this doesn't apparently apply across processes, so our own warning from vaguely_random_number_fallback() applies here too. Fix per PostgreSQL. */ -- 2.30.2