| author | Dima Panov <fluffy@FreeBSD.org> | 2021-05-05 01:57:17 +1000 |
|---|---|---|
| committer | Dima Panov <fluffy@FreeBSD.org> | 2021-05-05 01:57:17 +1000 |
| commit | 0a629bd71087f75c3b334edb53b01ec68709ab60 | |
| tree | 7d9c838702ca91a5b1b07b7364b739220ccbd5c2 /mail/exim/Makefile | |
| parent | x11-fonts/stix-fonts: upgrade to v2.13 | |

mail/exim: update to 4.94.2 security release

* New upstream security release.
  + Release based on +fixes branch.
  + Fixes multiple security vulnerabilities reported by Qualys and adds
    related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Incorporate Debian patches to turn taint failures into warnings.
Diffstat (limited to 'mail/exim/Makefile')
-rw-r--r-- | mail/exim/Makefile | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 03104b5be175..b66114db3c6b 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -2,7 +2,7 @@ PORTNAME= exim PORTVERSION?= ${EXIM_VERSION} -PORTREVISION?= 5 +PORTREVISION?= 0 CATEGORIES= mail MASTER_SITES= EXIM:exim MASTER_SITE_SUBDIR= /exim4/:exim \ 
@@ -65,6 +65,33 @@ SPF_LIB_DEPENDS= libspf2.so:mail/libspf2 SQLITE_LIB_DEPENDS= libicudata.so:devel/icu SQLITE_USES= pkgconfig sqlite +TAINTWARN_PATCHES_PREFIX= ${FILESDIR}/debian/75 +TAINTWARN_EXTRA_PATCHES= \ + ${TAINTWARN_PATCHES_PREFIX}_01-Introduce-main-config-option-allow_insecure_tainted_.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_02-search.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_03-dbstuff.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_04-acl.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_05-parse.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_06-rda.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_07-appendfile.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_08-autoreply.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_09-pipe.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_10-deliver.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_11-directory.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_12-expand.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_13-lf_sqlperform.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_14-rf_get_transport.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_15-deliver.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_16-smtp_out.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_17-smtp.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_18-update-doc.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_21-tidy-log.c.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_22-Silence-compiler.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_24-Silence-the-compiler.patch:-p1 \ + ${TAINTWARN_PATCHES_PREFIX}_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch:-p1 + .include <bsd.port.options.mk> # OCSP is supported for openssl only 
@@ -104,7 +131,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf .endif -EXIM_VERSION= 4.94 +EXIM_VERSION= 4.94.2 SA_EXIM_VERSION=4.2.1 EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink" EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h` |
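Review bot: In the `@@ -65,6 +65,33 @@` hunk, `TAINTWARN_EXTRA_PATCHES` only takes effect when `TAINTWARN` is a defined option, and nothing in the visible hunks adds `TAINTWARN` to `OPTIONS_DEFINE` or gives it a `TAINTWARN_DESC`. If those are not already present elsewhere in the Makefile, please add them, and make the description say plainly that the option downgrades taint failures to warnings: going by the patch names, the set introduces an `allow_insecure_tainted_…` main config option and disables taint checks for mkdir (patch 26), which relaxes a security check inside a security update, so whether it is enabled by default should be an explicit and documented decision. The list also skips `75_19` and `75_25`; a one-line comment saying why would save the next updater from guessing.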
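Review bot: In the `@@ -104,7 +131,7 @@` hunk, `EXIM_VERSION` moves from 4.94 to 4.94.2 while the context line that globs every `74_*.patch` under `${PATCHDIR}` into `EXTRA_PATCHES` is left unchanged. The commit message says 4.94.2 is based on the +fixes branch, so please confirm that each `74_*` patch still applies cleanly to the new tarball and is not already included upstream, and prune any that are. The checksum update for the new distfile is not visible in this Makefile-only view and should be part of the same commit.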