diffstat for exim4-4.80 exim4-4.80.1 debian/changelog | 12 +++++++++++ debian/control | 12 ++++++----- debian/patches/84_CVE-2012-5671.patch | 37 ---------------------------------- debian/patches/series | 1 debian/watch | 4 +-- doc/ChangeLog | 8 +++++++ doc/spec.txt | 12 +++++------ scripts/reversion | 32 +++++++++++++++-------------- src/dkim.c | 3 ++ src/pdkim/pdkim.h | 4 +-- src/version.sh | 2 - 11 files changed, 58 insertions(+), 69 deletions(-)
diff -Nru exim4-4.80/debian/changelog exim4-4.80.1/debian/changelog
--- exim4-4.80/debian/changelog 2013-01-02 18:37:26.000000000 +0000
+++ exim4-4.80.1/debian/changelog 2013-02-04 07:36:10.000000000 +0000
@@ -1,3 +1,15 @@
+exim4 (4.80.1-SprezzOS2) unstable; urgency=low
+
+ * Move to optional from standard
+
+ -- Nick Black Mon, 04 Feb 2013 02:36:01 -0500
+
+exim4 (4.80.1-SprezzOS1) unstable; urgency=low
+
+ * New upstream version
+
+ -- Nick Black Sun, 06 Jan 2013 16:14:54 -0500
+
 exim4 (4.80-7) unstable; urgency=low
 * Use exim's ${quote:xxx} operator when invoking spfquery to disallow
diff -Nru exim4-4.80/debian/control exim4-4.80.1/debian/control
--- exim4-4.80/debian/control 2012-11-25 08:27:26.000000000 +0000
+++ exim4-4.80.1/debian/control 2013-02-04 07:36:10.000000000 +0000
@@ -1,15 +1,17 @@
 Source: exim4
 Section: mail
-Priority: standard
-Maintainer: Exim4 Maintainers
-Uploaders: Andreas Metzler ,Marc Haber
+Priority: optional
+Maintainer: Nick Black
+XSBC-Original-Maintainer: Exim4 Maintainers
 Homepage: http://www.exim.org/
-Standards-Version: 3.9.3
+Standards-Version: 3.9.4
 Vcs-Git: git://git.debian.org/git/pkg-exim4/exim4.git
 Vcs-Browser: http://git.debian.org/?p=pkg-exim4/exim4.git
 Build-Depends: debhelper (>= 7.0.15), po-debconf, docbook-xsl, xsltproc, lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev,
- libident-dev, libdb5.1-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev,
+ libident-dev,
+ libdb-dev | libdb5.3-dev,
+ libxmu-dev, libxt-dev, libxext-dev, libx11-dev,
 libxaw7-dev, libpq-dev, libmysqlclient-dev | libmysqlclient15-dev, libsqlite3-dev, libperl-dev, libgnutls-dev, libsasl2-dev
diff -Nru exim4-4.80/debian/patches/84_CVE-2012-5671.patch exim4-4.80.1/debian/patches/84_CVE-2012-5671.patch
--- exim4-4.80/debian/patches/84_CVE-2012-5671.patch 2012-11-25 08:27:27.000000000 +0000
+++ exim4-4.80.1/debian/patches/84_CVE-2012-5671.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,37 +0,0 @@
-From 4263f395efd136dece52d765dfcff3c96f17506e Mon Sep 17 00:00:00 2001
-From: Phil Pennock
-Date: Wed, 24 Oct 2012 23:26:29 -0400
-Subject: [PATCH 1/3] SECURITY: DKIM DNS buffer overflow protection
-
-CVE-2012-5671
-
-malloc/heap overflow, with a 60kB window of overwrite.
-Requires DNS under control of person sending email, leaves plenty of
-evidence, but is very likely exploitable on OSes that have not been
-well hardened.
-
---- exim4-4.72.orig/src/dkim.c
-+++ exim4-4.72/src/dkim.c
-@@ -44,6 +44,9 @@ int dkim_exim_query_dns_txt(char *name,
- "%.*s", (int)len, (char *)((rr->data)+rr_offset));
- rr_offset+=len;
- answer_offset+=len;
-+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
-+ return PDKIM_FAIL;
-+ }
- }
- }
- else return PDKIM_FAIL;
---- exim4-4.72.orig/src/pdkim/pdkim.h
-+++ exim4-4.72/src/pdkim/pdkim.h
-@@ -29,8 +29,8 @@
-
- /* -------------------------------------------------------------------------- */
- /* Length of the preallocated buffer for the "answer" from the dns/txt
-- callback function. */
--#define PDKIM_DNS_TXT_MAX_RECLEN 4096
-+ callback function. This should match the maximum RDLENGTH from DNS. */
-+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
-
- /* -------------------------------------------------------------------------- */
- /* Function success / error codes */
diff -Nru exim4-4.80/debian/patches/series exim4-4.80.1/debian/patches/series
--- exim4-4.80/debian/patches/series 2012-11-25 08:27:27.000000000 +0000
+++ exim4-4.80.1/debian/patches/series 2013-02-04 07:36:10.000000000 +0000
@@ -13,6 +13,5 @@
 76_tls_dh_min_bits.diff
 77_docsfortls_dh_min_bits.diff
 78_pkcs11_init.diff
-84_CVE-2012-5671.patch
 85_server_set_id_SPA.diff
 86_Dovecot-robustness.diff
diff -Nru exim4-4.80/debian/watch exim4-4.80.1/debian/watch
--- exim4-4.80/debian/watch 2013-01-02 18:35:23.000000000 +0000
+++ exim4-4.80.1/debian/watch 2013-02-04 07:36:10.000000000 +0000
@@ -1,2 +1,2 @@
-version=2
-ftp://ftp.exim.org/pub/exim/exim4/exim-(4\.\d+)\.tar\.gz
+version=3
+ftp://ftp.exim.org/pub/exim/exim4/exim-(4[\.\d]+)\.tar\.bz2
diff -Nru exim4-4.80/doc/ChangeLog exim4-4.80.1/doc/ChangeLog
--- exim4-4.80/doc/ChangeLog 2012-05-31 00:40:15.000000000 +0000
+++ exim4-4.80.1/doc/ChangeLog 2012-10-25 03:37:38.000000000 +0000
@@ -1,6 +1,14 @@
 Change log file for Exim from version 4.21 -------------------------------------------
+Exim version 4.80.1
+-------------------
+
+PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+ This, or similar/improved, will also be change PP/11 of 4.81.
+
+
 Exim version 4.80 -----------------
diff -Nru exim4-4.80/doc/spec.txt exim4-4.80.1/doc/spec.txt
--- exim4-4.80/doc/spec.txt 2012-05-31 09:35:23.000000000 +0000
+++ exim4-4.80.1/doc/spec.txt 2012-10-25 03:46:58.000000000 +0000
@@ -5,9 +5,9 @@
 Copyright (c) 2012 University of Cambridge +-----------------------------------------------------------------------------+
-+-------------------------------------+--------------------------------+------+
-|Revision 4.80 |17 May 2012 |EM |
-+-------------------------------------+--------------------------------+------+
++----------------------------------------+------------------------------+-----+
+|Revision 4.80.1 |24 Oct 2012 |EM |
++----------------------------------------+------------------------------+-----+
 ------------------------------------------------------------------------------- TABLE OF CONTENTS
@@ -653,7 +653,7 @@
 1.1 Exim documentation ----------------------
-This edition of the Exim specification applies to version 4.80 of Exim.
+This edition of the Exim specification applies to version 4.80.1 of Exim.
 Substantive changes from the 4.75 edition are marked in some renditions of the document; this paragraph is so marked if the rendition is capable of showing a change indicator.
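Review bot: In debian/watch the new URL line still fetches the tarball over plain `ftp://`, and the file gives uscan nothing to verify the download against, so every upstream import rests on an unauthenticated transfer. If upstream publishes detached signatures next to the tarballs (not visible from this diff), add a signature check such as `opts=pgpsigurlmangle=s/$/.asc/` on the URL line, with the upstream key shipped in the package, or point the watch file at an HTTPS location. That matters more than usual here because this import is itself a security release.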
@@ -1738,7 +1738,7 @@
 Exim is distributed as a gzipped or bzipped tar file which, when unpacked, creates a directory with the name of the current release (for example,
-exim-4.80) into which the following files are placed:
+exim-4.80.1) into which the following files are placed:
 ACKNOWLEDGMENTS contains some acknowledgments CHANGES contains a reference to where changes are documented
@@ -2348,7 +2348,7 @@
 For the utility programs, old versions are renamed by adding the suffix .O to their names. The Exim binary itself, however, is handled differently. It is installed under a name that includes the version number and the compile number,
-for example exim-4.80-1. The script then arranges for a symbolic link called
+for example exim-4.80.1-1. The script then arranges for a symbolic link called
 exim to point to the binary. If you are updating a previous version of Exim, the script takes care to ensure that the name exim is never absent from the directory (as seen by other processes).
diff -Nru exim4-4.80/scripts/reversion exim4-4.80.1/scripts/reversion
--- exim4-4.80/scripts/reversion 2012-05-31 00:40:15.000000000 +0000
+++ exim4-4.80.1/scripts/reversion 2012-10-25 03:37:38.000000000 +0000
@@ -32,21 +32,23 @@
 # If this tree is a git working directory, use that to get version information.
-if [ -d ../../.git ] || [ "$1" = "release" ]
-then
- # Modify the output of git describe into separate parts for
- # the name "exim" and the release and variant versions.
- # Put a dot in the version number and remove a spurious g.
- set $(git describe --dirty=-XX --match 'exim-4*' |
- sed 's|-| |;s|_|.|;s|[-_]| _|;s|-g|-|')
- # Only update if we need to
- if [ "$2 $3" != "$EXIM_RELEASE_VERSION $EXIM_VARIANT_VERSION" ]
- then
- EXIM_RELEASE_VERSION="$2"
- EXIM_VARIANT_VERSION="$3"
- rm -f version.h
- fi
-fi
+#if [ -d ../../.git ] || [ "$1" = "release" ]
+#then
+# # Modify the output of git describe into separate parts for
+# # the name "exim" and the release and variant versions.
+# # Put a dot in the version number and remove a spurious g.
+# set $(git describe --dirty=-XX --match 'exim-4*' |
+# sed 's|-| |;s|_|.|;s|[-_]| _|;s|-g|-|')
+# # Only update if we need to
+# if [ "$2 $3" != "$EXIM_RELEASE_VERSION $EXIM_VARIANT_VERSION" ]
+# then
+# EXIM_RELEASE_VERSION="$2"
+# EXIM_VARIANT_VERSION="$3"
+# rm -f version.h
+# fi
+#fi
+EXIM_RELEASE_VERSION="4.80.1"
+EXIM_VARIANT_VERSION=""
 # If you are maintaining a patched version of Exim, you can either
 # create your own version.sh as part of your release process, or you
diff -Nru exim4-4.80/src/dkim.c exim4-4.80.1/src/dkim.c
--- exim4-4.80/src/dkim.c 2012-05-31 00:40:15.000000000 +0000
+++ exim4-4.80.1/src/dkim.c 2012-10-25 03:37:38.000000000 +0000
@@ -42,6 +42,9 @@
 "%.*s", (int)len, (char *)((rr->data)+rr_offset));
 rr_offset+=len;
 answer_offset+=len;
+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
+ return PDKIM_FAIL;
+ }
 }
 }
 else return PDKIM_FAIL;
diff -Nru exim4-4.80/src/pdkim/pdkim.h exim4-4.80.1/src/pdkim/pdkim.h
--- exim4-4.80/src/pdkim/pdkim.h 2012-05-31 00:40:15.000000000 +0000
+++ exim4-4.80.1/src/pdkim/pdkim.h 2012-10-25 03:37:38.000000000 +0000
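Review bot: In scripts/reversion the two added assignments pin `EXIM_RELEASE_VERSION="4.80.1"` unconditionally, so the next upstream import keeps building a binary that reports 4.80.1 unless someone remembers to edit this line. The reported version is what operators and scanners use to judge whether the CVE-2012-5671 fix is present, so a stale value would mislead patch tracking. Rather than leaving fifteen commented-out lines, delete the block and keep one comment such as `# Version pinned by the packager; update on every upstream import.` The script continues outside the hunk, so how these values reach version.h is not visible here.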
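Review bot: The bound check added in src/dkim.c caps only `answer_offset`; nothing visible in the hunk checks that the length byte `len` stays inside the record before `"%.*s"` reads up to `len` bytes from `rr->data+rr_offset`, so a malformed TXT rdata could be read past its end. If the loop head outside the hunk does not already guarantee this, add `if (rr_offset + len > rr->size) return PDKIM_FAIL;` before the copy (assuming `rr->size` is the rdata length, as elsewhere in Exim). The new check also runs after the write, so it is only sound while the snprintf size argument above the hunk is derived from the same `PDKIM_DNS_TXT_MAX_RECLEN`; a one-line comment stating that dependency would help. The function starts and ends outside the hunk.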
@@ -27,8 +27,8 @@
 /* -------------------------------------------------------------------------- */
 /* Length of the preallocated buffer for the "answer" from the dns/txt
- callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
+ callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
 /* -------------------------------------------------------------------------- */
 /* Function success / error codes */
diff -Nru exim4-4.80/src/version.sh exim4-4.80.1/src/version.sh
--- exim4-4.80/src/version.sh 2012-05-31 09:33:43.000000000 +0000
+++ exim4-4.80.1/src/version.sh 2012-10-25 03:45:13.000000000 +0000
@@ -1,4 +1,4 @@
 # automatically generated file - see ../scripts/reversion
-EXIM_RELEASE_VERSION="4.80"
+EXIM_RELEASE_VERSION="4.80.1"
 EXIM_VARIANT_VERSION=""
 EXIM_COMPILE_NUMBER="1"
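Review bot: The updated comment on `PDKIM_DNS_TXT_MAX_RECLEN` in src/pdkim/pdkim.h says the value should match the maximum RDLENGTH, but RDLENGTH tops out at 65535 while the macro is 65536, and the check added in src/dkim.c fails once the offset reaches the macro. State the relation explicitly, for example `/* 65535 (max RDLENGTH) + 1 for the terminating NUL; dkim_exim_query_dns_txt() fails once the copied length reaches this. */`, if the extra byte is indeed meant for the terminator. The fix is only effective if every buffer passed to the dns/txt callback is allocated with this macro, which this hunk cannot show, so the allocation sites are worth checking in the same review.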