Bug 156903 - security update: mail/exim: upgrade to 4.76
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Eygene Ryabinkin
Reported: 2011-05-09 10:40 UTC by Anes Mukhametov
Modified: 2011-05-12 10:28 UTC

Attachments
exim.port.patch (1009 bytes, patch)
2011-05-09 10:40 UTC, Anes Mukhametov
Description Anes Mukhametov 2011-05-09 10:40:09 UTC
	Upgrade to 4.76. 
	CVE-2011-1764 fixed in 4.76. Additional changes can be found at http://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.76
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-05-09 10:40:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->rea

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2011-05-11 12:30:31 UTC
rea         2011-05-11 11:30:17 UTC

  FreeBSD ports repository

  Modified files:
    mail/exim            Makefile distinfo 
  Added files:
    mail/exim/files      patch-exiqgrep.src 
  Log:
  mail/exim: upgrade to 4.76
  
  4.76 is the security release that fixes CVE-2011-1764, format string
  attack and information leak, both inside the DKIM code.
  
  List of changes (ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.76):
  
  PP/01 The new ldap_require_cert option would segfault if used.  Fixed.
  
  PP/02 Harmonised TLS library version reporting; only show if
        debugging.  Layout now matches that introduced for other
        libraries in 4.74 PP/03.
  
  PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
  
  PP/04 New "dns_use_edns0" global option.
  
  PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
        Bugzilla 1098.
  
  PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
        nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
  
  TK/01 Updated PolarSSL code to 0.14.2.
        Bugzilla 1097. Patch from Andreas Metzler.
  
  PP/07 Catch divide-by-zero in ${eval:...}.
        Fixes bugzilla 1102.
  
  PP/08 Condition negation of bool{}/bool_lax{} did not negate.  Fixed.
        Bugzilla 1104.
  
  TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
        format-string attack -- SECURITY: remote arbitrary code execution.
  
  TK/03 SECURITY - DKIM signature header parsing was double-expanded,
        second time unintentionally subject to list matching rules,
        letting the header cause arbitrary Exim lookups (of items which can
        occur in lists, *not* arbitrary string expansion). This allowed for
        information disclosure.
  
  PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related
        to INT_MIN/-1 -- value coerced to INT_MAX.
  
  New stuff (ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.76):
  
   1. The global option "dns_use_edns0" may be set to coerce EDNS0 usage
      on or off in the resolver library.
  
  And I am also adding a patch for exiqgrep that was taken from
    http://bugs.exim.org/show_bug.cgi?id=1103 [1].
  
  PR: ports/156903 [2], ports/156872 [3]
  Reported-by: Oliver Brandmueller <ob@e-gitt.net> [1], admin@anes.su [2], Alexander Wittig <alexander@wittig.name> [3]
  Approved-by: erwin (mentor)
  Feature-safe: yes
  
  Revision  Changes    Path
  1.259     +1 -1      ports/mail/exim/Makefile
  1.104     +2 -2      ports/mail/exim/distinfo
  1.1       +15 -0     ports/mail/exim/files/patch-exiqgrep.src (new)
Comment 3 Eygene Ryabinkin freebsd_committer freebsd_triage 2011-05-12 10:27:41 UTC
State Changed
From-To: open->closed

Fix committed, thanks for submission!