Please see:
https://github.com/trusteddomainproject/OpenDKIM/issues/148
https://github.com/advisories/GHSA-3q5m-9r3g-pqfj

A fix is available from:
https://github.com/trusteddomainproject/OpenDKIM/pull/189
(Although this PR is against the develop branch, the diff can be applied clearly against OpenDKIM 2.10.3)
Created attachment 248773
a patch to add a patch file address CVE-2022-48521, and fix BUG 276704

Here is a proposed patch to add a patch file brought from https://github.com/trusteddomainproject/OpenDKIM/pull/189. It also contains a fix for Bug #276704, by restricting lua version in Makefile.
Created attachment 248780
a patch to add a patch file address CVE-2022-48521

As I've found the cause of BUG 276704, I've updated my patch without changing the USES line.
ping
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d1ebdbe935e64935459953aa49e47538724736fb

commit d1ebdbe935e64935459953aa49e47538724736fb
Author:     Yasuhito FUTATSUKI <freebsd-bug-report-yf@yf.bsdclub.org>
AuthorDate: 2024-03-07 14:15:00 +0000
Commit:     Norikatsu Shigemura <nork@FreeBSD.org>
CommitDate: 2024-03-07 14:15:00 +0000

    mail/opendkim: Security fix for CVE-2022-48521

    PR:             277319
    Security:       CVE-2022-48521
    Approved by:    hrs (mentor), maintainer timeout

 mail/opendkim/Makefile                             |  2 +-
 .../opendkim/files/patch-opendkim_opendkim.c (new) | 36 ++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
I'll handle this.
Committed, done. Thanks!