diff options
author | Vlad Glagolev | 2019-09-07 02:46:00 +0000 |
---|---|---|
committer | Vlad Glagolev | 2019-09-07 02:46:00 +0000 |
commit | a1695b4ab01ef635c560971c8bd478f1f1cc87b8 (patch) | |
tree | db6ddbb1e2e57c30712eba265671427434ebde80 /mail | |
parent | 0450bf4c99bcc607ce56593ba7535aa33e66e42b (diff) |
exim: security update
Diffstat (limited to 'mail')
-rwxr-xr-x | mail/exim/DETAILS | 2 | ||||
-rw-r--r-- | mail/exim/HISTORY | 5 | ||||
-rwxr-xr-x | mail/exim/PRE_BUILD | 1 | ||||
-rw-r--r-- | mail/exim/cve-2019-15846.patch | 32 |
4 files changed, 39 insertions, 1 deletions
diff --git a/mail/exim/DETAILS b/mail/exim/DETAILS index 286adbfba2..f9225fa9f1 100755 --- a/mail/exim/DETAILS +++ b/mail/exim/DETAILS @@ -1,6 +1,6 @@ SPELL=exim VERSION=4.91 - SECURITY_PATCH=13 + SECURITY_PATCH=14 SOURCE=$SPELL-$VERSION.tar.bz2 SOURCE2=$SOURCE.asc SOURCE_GPG="exim.gpg:$SOURCE2:VERIFIED_UPSTREAM_KEY" diff --git a/mail/exim/HISTORY b/mail/exim/HISTORY index 078e3085a0..3800246883 100644 --- a/mail/exim/HISTORY +++ b/mail/exim/HISTORY @@ -1,3 +1,8 @@ +2019-09-06 Vlad Glagolev <stealth@sourcemage.org> + * DETAILS: SECURITY_PATCH++ + * PRE_BUILD: apply patch + * cve-2019-15846.patch: added, to fix CVE-2019-15846 + 2019-07-27 Vlad Glagolev <stealth@sourcemage.org> * DETAILS: SECURITY_PATCH++ * PRE_BUILD: apply patch diff --git a/mail/exim/PRE_BUILD b/mail/exim/PRE_BUILD index 79ab1cc762..928954c8ab 100755 --- a/mail/exim/PRE_BUILD +++ b/mail/exim/PRE_BUILD @@ -4,6 +4,7 @@ cd "${SOURCE_DIRECTORY}" && patch -p0 < "${SPELL_DIRECTORY}/config.patch" && patch -p1 < "${SPELL_DIRECTORY}/cve-2019-10149.patch" && patch -p0 < "${SPELL_DIRECTORY}/cve-2019-13917.patch" && +patch -p0 < "${SPELL_DIRECTORY}/cve-2019-15846.patch" && sed -i "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'" \ src/configure.default diff --git a/mail/exim/cve-2019-15846.patch b/mail/exim/cve-2019-15846.patch new file mode 100644 index 0000000000..5c834b49ae --- /dev/null +++ b/mail/exim/cve-2019-15846.patch @@ -0,0 +1,32 @@ +$OpenBSD$ +Index: src/string.c +--- src/string.c.orig ++++ src/string.c +@@ -223,6 +223,8 @@ interpreted in strings. + Arguments: + pp points a pointer to the initiating "\" in the string; + the pointer gets updated to point to the final character ++ If the backslash is the last character in the string, it ++ is not interpreted. + Returns: the value of the character escape + */ + +@@ -235,6 +237,7 @@ const uschar *hex_digits= CUS"0123456789abcdef"; + int ch; + const uschar *p = *pp; + ch = *(++p); ++if (ch == '\0') return **pp; + if (isdigit(ch) && ch != '8' && ch != '9') + { + ch -= '0'; +@@ -1158,8 +1161,8 @@ memcpy(g->s + p, s, count); + g->ptr = p + count; + return g; + } +- +- ++ ++ + gstring * + string_cat(gstring *string, const uschar *s) + { |