Diffusion FreeBSD ports repository 1cb912fd52ce

mail/exim: update to 4.94.2 security release
1cb912fd52ce
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

mail/exim: update to 4.94.2 security release

New upstream security release. + Release based on +fixes branch. + Fixes multiple security vulnerabilities reported by Qualys and adds related robustness improvements. (Special thanks to Heiko) CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() CVE-2020-28012: Missing close-on-exec flag for privileged pipe CVE-2020-28024: Heap buffer underflow in smtp_ungetc() CVE-2020-28009: Integer overflow in get_stdinput() CVE-2020-28015, CVE-28021: New-line injection into spool header file CVE-2020-28026: Line truncation and injection in spool_read_header() CVE-2020-28022: Heap out-of-bounds read and write in extract_option() CVE-2020-28017: Integer overflow in receive_add_recipient() CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() CVE-2020-28011: Heap buffer overflow in queue_run() CVE-2020-28010: Heap out-of-bounds write in main() CVE-2020-28018: Use-after-free in tls-openssl.c CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() CVE-2020-28014, CVE-2021-27216: PID file handling CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28019: Failure to reset function pointer after BDAT error
Incorporate debian patches to turn taint failures into warnings.

(cherry picked from commit 0a629bd71087f75c3b334edb53b01ec68709ab60)

Details

Provenance

Authored on May 4 2021, 3:57 PM

Parents

R11:fe770f233784: databases/redis-devel: update to 6.2.3.

Branches

Unknown

Tags

Unknown

Event Timeline

fluffy committed R11:1cb912fd52ce: mail/exim: update to 4.94.2 security release (authored by fluffy).May 4 2021, 4:03 PM

Changes (66)

Path

Size

mail/

exim/

files/

75_01-Introduce-main-config-option-allow_insecure_tainted_.patch

75_02-search.patch

75_03-dbstuff.patch

75_04-acl.patch

75_05-parse.patch

75_06-rda.patch

75_07-appendfile.patch

75_08-autoreply.patch

75_09-pipe.patch

75_10-deliver.patch

75_11-directory.patch

75_12-expand.patch

75_13-lf_sqlperform.patch

75_14-rf_get_transport.patch

75_15-deliver.patch

75_16-smtp_out.patch

75_17-smtp.patch

75_18-update-doc.patch

75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch

75_21-tidy-log.c.patch

75_22-Silence-compiler.patch

75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch

75_24-Silence-the-compiler.patch

75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch

patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587

patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586

patch-z0004-Docs-fix-mistaken-variable-name

patch-z0006-Docs-typoes

patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted-

patch-z0008-Fix-bi.-Bug-2590

patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593

patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN

patch-z0011-Taint-fix-radius-expansion-condition

patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.-

patch-z0013-Taint-fix-verify.-Bug-2598

patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603

patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B

patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch

patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606

patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume

patch-z0020-Fix-message-reception-clock-usage.-Bug-2615

patch-z0021-typoes

patch-z0022-Fix-DKIM-signing-to-always-terminate.-Bug-2295

patch-z0023-Fix-taint-trap-in-parse_fix_phrase-.-Bug-2617

patch-z0024-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume

patch-z0025-Fix-debug_print_socket

patch-z0026-debug_print_socket-output-formatting

patch-z0027-Fix-spelling-of-local_part_data-in-docs-and-debug-output

patch-z0028-Fix-readsocket-eol-replacement.-Bug-2630

patch-z0029-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634

patch-z0030-Build-ifdef-guard-for-EXPERIMENTAL_QUEUEFILE

patch-z0031-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634

patch-z0032-DANE-force-SNI-to-use-domain.-Bug-2265

patch-z0033-DANE-Fix-2-rcpt-message-diff-domins-case.-Bug-2265

patch-z0034-Fix-non-DANE-build

patch-z0035-DANE-Fix-2-messages-from-queue-case

patch-z0036-Fix-non-DANE-build

patch-z0038-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-logging

patch-z0039-Fix-non-TLS-build

patch-z0040-eximon-fix-FreeBSD-build

patch-z0041-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646

patch-z0042-Pass-authenticator-pubname-through-spool.-Bug-2648

R11:1cb912fd52ce

mail/exim/Makefile

Loading...

mail/exim/distinfo

Loading...

mail/exim/files/debian/75_01-Introduce-main-config-option-allow_insecure_tainted_.patch

Loading...

mail/exim/files/debian/75_02-search.patch

Loading...

mail/exim/files/debian/75_03-dbstuff.patch

Loading...

mail/exim/files/debian/75_04-acl.patch

Loading...

mail/exim/files/debian/75_05-parse.patch

Loading...

mail/exim/files/debian/75_06-rda.patch

Loading...

mail/exim/files/debian/75_07-appendfile.patch

Loading...

mail/exim/files/debian/75_08-autoreply.patch

Loading...

mail/exim/files/debian/75_09-pipe.patch

Loading...

mail/exim/files/debian/75_10-deliver.patch

Loading...

mail/exim/files/debian/75_11-directory.patch

Loading...

mail/exim/files/debian/75_12-expand.patch

Loading...

mail/exim/files/debian/75_13-lf_sqlperform.patch

Loading...

mail/exim/files/debian/75_14-rf_get_transport.patch

Loading...

mail/exim/files/debian/75_15-deliver.patch

Loading...

mail/exim/files/debian/75_16-smtp_out.patch

Loading...

mail/exim/files/debian/75_17-smtp.patch

Loading...

mail/exim/files/debian/75_18-update-doc.patch

Loading...

mail/exim/files/debian/75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch

Loading...

mail/exim/files/debian/75_21-tidy-log.c.patch

Loading...

mail/exim/files/debian/75_22-Silence-compiler.patch

Loading...

mail/exim/files/debian/75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch

Loading...

mail/exim/files/debian/75_24-Silence-the-compiler.patch

Loading...

mail/exim/files/debian/75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch

Loading...

mail/exim/files/patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587

Loading...

mail/exim/files/patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586

Loading...

mail/exim/files/patch-z0004-Docs-fix-mistaken-variable-name

Loading...

mail/exim/files/patch-z0006-Docs-typoes

Loading...

mail/exim/files/patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted-

Loading...

mail/exim/files/patch-z0008-Fix-bi.-Bug-2590

Loading...

mail/exim/files/patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593

Loading...

mail/exim/files/patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN

Loading...

mail/exim/files/patch-z0011-Taint-fix-radius-expansion-condition

Loading...

mail/exim/files/patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.-

Loading...

mail/exim/files/patch-z0013-Taint-fix-verify.-Bug-2598

Loading...

mail/exim/files/patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603

Loading...

mail/exim/files/patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B

Loading...

mail/exim/files/patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch

Loading...

mail/exim/files/patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606

Loading...

mail/exim/files/patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume

Loading...

mail/exim/files/patch-z0020-Fix-message-reception-clock-usage.-Bug-2615

Loading...

mail/exim/files/patch-z0021-typoes

Loading...

mail/exim/files/patch-z0022-Fix-DKIM-signing-to-always-terminate.-Bug-2295

Loading...

mail/exim/files/patch-z0023-Fix-taint-trap-in-parse_fix_phrase-.-Bug-2617

Loading...

mail/exim/files/patch-z0024-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume

Loading...

mail/exim/files/patch-z0025-Fix-debug_print_socket

Loading...

mail/exim/files/patch-z0026-debug_print_socket-output-formatting

Loading...

mail/exim/files/patch-z0027-Fix-spelling-of-local_part_data-in-docs-and-debug-output

Loading...

mail/exim/files/patch-z0028-Fix-readsocket-eol-replacement.-Bug-2630

Loading...

mail/exim/files/patch-z0029-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634

Loading...

mail/exim/files/patch-z0030-Build-ifdef-guard-for-EXPERIMENTAL_QUEUEFILE

Loading...

mail/exim/files/patch-z0031-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634

Loading...

mail/exim/files/patch-z0032-DANE-force-SNI-to-use-domain.-Bug-2265

Loading...

mail/exim/files/patch-z0033-DANE-Fix-2-rcpt-message-diff-domins-case.-Bug-2265

Loading...

mail/exim/files/patch-z0034-Fix-non-DANE-build

Loading...

mail/exim/files/patch-z0035-DANE-Fix-2-messages-from-queue-case

Loading...

mail/exim/files/patch-z0036-Fix-non-DANE-build

Loading...

mail/exim/files/patch-z0038-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-logging

Loading...

mail/exim/files/patch-z0039-Fix-non-TLS-build

Loading...

mail/exim/files/patch-z0040-eximon-fix-FreeBSD-build

Loading...

mail/exim/files/patch-z0041-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646

Loading...

mail/exim/files/patch-z0042-Pass-authenticator-pubname-through-spool.-Bug-2648

Loading...

mail/exim/options

Loading...