diffstat of debian/ for exim4_4.80-7 exim4_4.80.1-SprezzOS2 changelog | 12 ++++++++++++ control | 12 +++++++----- patches/84_CVE-2012-5671.patch | 37 ------------------------------------- patches/series | 1 - watch | 4 ++-- 5 files changed, 21 insertions(+), 45 deletions(-) --- exim4-4.80/debian/changelog 2013-01-02 18:37:26.000000000 +0000 +++ exim4-4.80.1/debian/changelog 2013-02-04 07:36:10.000000000 +0000 @@ -1,3 +1,15 @@ +exim4 (4.80.1-SprezzOS2) unstable; urgency=low + + * Move to optional from standard + + -- Nick Black Mon, 04 Feb 2013 02:36:01 -0500 + +exim4 (4.80.1-SprezzOS1) unstable; urgency=low + + * New upstream version + + -- Nick Black Sun, 06 Jan 2013 16:14:54 -0500 + exim4 (4.80-7) unstable; urgency=low * Use exim's ${quote:xxx} operator when invoking spfquery to disallow --- exim4-4.80/debian/control 2012-11-25 08:27:26.000000000 +0000 +++ exim4-4.80.1/debian/control 2013-02-04 07:36:10.000000000 +0000 @@ -1,15 +1,17 @@ Source: exim4 Section: mail -Priority: standard -Maintainer: Exim4 Maintainers -Uploaders: Andreas Metzler ,Marc Haber +Priority: optional +Maintainer: Nick Black +XSBC-Original-Maintainer: Exim4 Maintainers Homepage: http://www.exim.org/ -Standards-Version: 3.9.3 +Standards-Version: 3.9.4 Vcs-Git: git://git.debian.org/git/pkg-exim4/exim4.git Vcs-Browser: http://git.debian.org/?p=pkg-exim4/exim4.git Build-Depends: debhelper (>= 7.0.15), po-debconf, docbook-xsl, xsltproc, lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev, - libident-dev, libdb5.1-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev, + libident-dev, + libdb-dev | libdb5.3-dev, + libxmu-dev, libxt-dev, libxext-dev, libx11-dev, libxaw7-dev, libpq-dev, libmysqlclient-dev | libmysqlclient15-dev, libsqlite3-dev, libperl-dev, libgnutls-dev, libsasl2-dev --- exim4-4.80/debian/patches/84_CVE-2012-5671.patch 2012-11-25 08:27:27.000000000 +0000 +++ exim4-4.80.1/debian/patches/84_CVE-2012-5671.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,37 +0,0 @@
-From 4263f395efd136dece52d765dfcff3c96f17506e Mon Sep 17 00:00:00 2001
-From: Phil Pennock
-Date: Wed, 24 Oct 2012 23:26:29 -0400
-Subject: [PATCH 1/3] SECURITY: DKIM DNS buffer overflow protection
-
-CVE-2012-5671
-
-malloc/heap overflow, with a 60kB window of overwrite.
-Requires DNS under control of person sending email, leaves plenty of
-evidence, but is very likely exploitable on OSes that have not been
-well hardened.
-
---- exim4-4.72.orig/src/dkim.c
-+++ exim4-4.72/src/dkim.c
-@@ -44,6 +44,9 @@ int dkim_exim_query_dns_txt(char *name,
- "%.*s", (int)len, (char *)((rr->data)+rr_offset));
- rr_offset+=len;
- answer_offset+=len;
-+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
-+ return PDKIM_FAIL;
-+ }
- }
- }
- else return PDKIM_FAIL;
---- exim4-4.72.orig/src/pdkim/pdkim.h
-+++ exim4-4.72/src/pdkim/pdkim.h
-@@ -29,8 +29,8 @@
-
- /* -------------------------------------------------------------------------- */
- /* Length of the preallocated buffer for the "answer" from the dns/txt
-- callback function. */
--#define PDKIM_DNS_TXT_MAX_RECLEN 4096
-+ callback function. This should match the maximum RDLENGTH from DNS. */
-+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
-
- /* -------------------------------------------------------------------------- */
- /* Function success / error codes */
--- exim4-4.80/debian/patches/series 2012-11-25 08:27:27.000000000 +0000
+++ exim4-4.80.1/debian/patches/series 2013-02-04 07:36:10.000000000 +0000
@@ -13,6 +13,5 @@
 76_tls_dh_min_bits.diff
 77_docsfortls_dh_min_bits.diff
 78_pkcs11_init.diff
-84_CVE-2012-5671.patch
 85_server_set_id_SPA.diff
 86_Dovecot-robustness.diff
--- exim4-4.80/debian/watch 2013-01-02 18:35:23.000000000 +0000
+++ exim4-4.80.1/debian/watch 2013-02-04 07:36:10.000000000 +0000
@@ -1,2 +1,2 @@
-version=2
-ftp://ftp.exim.org/pub/exim/exim4/exim-(4\.\d+)\.tar\.gz
+version=3
+ftp://ftp.exim.org/pub/exim/exim4/exim-(4[\.\d]+)\.tar\.bz2
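Review bot: The new watch line in debian/watch still fetches the upstream tarball over plain `ftp://` and adds no signature check, so uscan will accept whatever archive the server or the network path returns for a mail transfer agent. Now that the file is `version=3`, consider prefixing the URL with `opts=pgpsigurlmangle=s/$/.asc/` and shipping the upstream signing key in the package; this assumes upstream publishes a detached signature next to each tarball, which should be confirmed. The new pattern `(4[\.\d]+)` is also looser than the old `(4\.\d+)` and would accept a run such as `4..` as a version; `(4(?:\.\d+)+)` keeps the multi-component match without that.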