OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Christoph Schug
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 07-Jan-2005 09:02:41
Branch: HEAD Handle: 2005010708024000
Added files:
openpkg-src/exim exim.patch
Modified files:
openpkg-src/exim exim.conf exim.spec
Log:
fixed two security issues and typo in config
Summary:
Revision Changes Path
1.2 +1 -1 openpkg-src/exim/exim.conf
1.1 +127 -0 openpkg-src/exim/exim.patch
1.79 +3 -1 openpkg-src/exim/exim.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/exim/exim.conf
============================================================================
$ cvs diff -u -r1.1 -r1.2 exim.conf
--- openpkg-src/exim/exim.conf 24 Jun 2004 12:57:06 -0000 1.1
+++ openpkg-src/exim/exim.conf 7 Jan 2005 08:02:40 -0000 1.2
@@ -68,7 +68,7 @@
dnslookup:
driver = dnslookup
- domains = ! +all_local_domains
+ domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/exim/exim.patch
============================================================================
$ cvs diff -u -r0 -r1.1 exim.patch
--- /dev/null 2005-01-07 09:02:40 +0100
+++ exim.patch 2005-01-07 09:02:41 +0100
@@ -0,0 +1,127 @@
+Security patches regarding two issues discussed at
+http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
+
+diff -Naur exim-4.43.orig/src/auths/auth-spa.c exim-4.43/src/auths/auth-spa.c
+--- exim-4.43.orig/src/auths/auth-spa.c 2004-10-05 10:32:08.000000000
+0200
++++ exim-4.43/src/auths/auth-spa.c 2005-01-07 08:32:42.000000000 +0100
+@@ -405,7 +405,7 @@
+ }
+
+ int
+-spa_base64_to_bits (char *out, const char *in)
++spa_base64_to_bits (char *out, int outlength, const char *in)
+ /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes
*/
+ {
+ int len = 0;
+@@ -418,6 +418,8 @@
+
+ do
+ {
++ if (len >= outlength)
++ return (-1);
+ digit1 = in[0];
+ if (DECODE64 (digit1) == BAD)
+ return (-1);
+@@ -435,11 +437,15 @@
+ ++len;
+ if (digit3 != '=')
+ {
++ if (len >= outlength)
++ return (-1);
+ *out++ =
+ ((DECODE64 (digit2) << 4) & 0xf0) | (DECODE64 (digit3) >> 2);
+ ++len;
+ if (digit4 != '=')
+ {
++ if (len >= outlength)
++ return (-1);
+ *out++ = ((DECODE64 (digit3) << 6) & 0xc0) | DECODE64 (digit4);
+ ++len;
+ }
+diff -Naur exim-4.43.orig/src/auths/auth-spa.h exim-4.43/src/auths/auth-spa.h
+--- exim-4.43.orig/src/auths/auth-spa.h 2004-10-05 10:32:08.000000000
+0200
++++ exim-4.43/src/auths/auth-spa.h 2005-01-07 08:34:06.000000000 +0100
+@@ -10,6 +10,9 @@
+ * Samba project (by Andrew Tridgell, Jeremy Allison, and others).
+ */
+
++/* December 2004: The spa_base64_to_bits() function has no length checking
in
++it. I have added a check. PH */
++
+ /* It seems that some systems have existing but different definitions of
some
+ of the following types. I received a complaint about "int16" causing
+ compilation problems. So I (PH) have renamed them all, to be on the safe
side.
+@@ -75,7 +78,7 @@
+ #define spa_request_length(ptr) (((ptr)->buffer - (uint8x*)(ptr)) +
(ptr)->bufIndex)
+
+ void spa_bits_to_base64 (unsigned char *, const unsigned char *, int);
+-int spa_base64_to_bits(char *, const char *);
++int spa_base64_to_bits(char *, int, const char *);
+ void spa_build_auth_response (SPAAuthChallenge *challenge,
+ SPAAuthResponse *response, char *user, char *password);
+ void spa_build_auth_request (SPAAuthRequest *request, char *user,
+diff -Naur exim-4.43.orig/src/auths/spa.c exim-4.43/src/auths/spa.c
+--- exim-4.43.orig/src/auths/spa.c 2004-10-05 10:32:08.000000000 +0200
++++ exim-4.43/src/auths/spa.c 2005-01-07 08:35:39.000000000 +0100
+@@ -133,7 +133,7 @@
+ return FAIL;
+ }
+
+-if (spa_base64_to_bits((char *)(&request), (const char *)(data)) < 0)
++if (spa_base64_to_bits((char *)(&request), sizeof(request), (const char
*)(data)) < 0)
+ {
+ DEBUG(D_auth) debug_printf("auth_spa_server(): bad base64 data in "
+ "request: %s\n", data);
+@@ -153,7 +153,7 @@
+ }
+
+ /* dump client response */
+-if (spa_base64_to_bits((char *)(&response), (const char *)(data)) < 0)
++if (spa_base64_to_bits((char *)(&response), sizeof(response), (const char
*)(data)) < 0)
+ {
+ DEBUG(D_auth) debug_printf("auth_spa_server(): bad base64 data in "
+ "response: %s\n", data);
+@@ -319,7 +319,7 @@
+ /* convert the challenge into the challenge struct */
+ DSPA("\n\n%s authenticator: challenge (%s)\n\n",
+ ablock->name, buffer + 4);
+- spa_base64_to_bits ((char *)(&challenge), (const char *)(buffer +
4));
++ spa_base64_to_bits ((char *)(&challenge), sizeof(challenge), (const
char *)(buffer + 4));
+
+ spa_build_auth_response (&challenge, &response,
+ CS username, CS password);
+diff -Naur exim-4.43.orig/src/host.c exim-4.43/src/host.c
+--- exim-4.43.orig/src/host.c 2004-10-05 10:32:08.000000000 +0200
++++ exim-4.43/src/host.c 2005-01-07 08:28:02.000000000 +0100
+@@ -710,12 +710,18 @@
+
+ if (*p == ':') p++;
+
+- /* Split the address into components separated by colons. */
++ /* Split the address into components separated by colons. The input
address
++ is supposed to be checked for syntax. There was a case where this was
++ overlooked; to guard against that happening again, check here and crash if
++ there is a violation. */
+
+ while (*p != 0)
+ {
+ int len = Ustrcspn(p, ":");
+ if (len == 0) nulloffset = ci;
++ if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
++ "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
++ address);
+ component[ci++] = p;
+ p += len;
+ if (*p == ':') p++;
+diff -Naur exim-4.43.orig/src/lookups/dnsdb.c exim-4.43/src/lookups/dnsdb.c
+--- exim-4.43.orig/src/lookups/dnsdb.c 2004-10-05 10:32:08.000000000
+0200
++++ exim-4.43/src/lookups/dnsdb.c 2005-01-07 08:28:38.000000000 +0100
+@@ -125,7 +125,7 @@
+ /* If the type is PTR, we have to construct the relevant magic lookup
+ key. This code is now in a separate function. */
+
+-if (type == T_PTR)
++if (type == T_PTR && string_is_ip_address(keystring, NULL))
+ {
+ dns_build_reverse(keystring, buffer);
+ keystring = buffer;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/exim/exim.spec
============================================================================
$ cvs diff -u -r1.78 -r1.79 exim.spec
--- openpkg-src/exim/exim.spec 1 Jan 2005 10:48:59 -0000 1.78
+++ openpkg-src/exim/exim.spec 7 Jan 2005 08:02:40 -0000 1.79
@@ -34,7 +34,7 @@
Group: Mail
License: GPL
Version: 4.43
-Release: 20041209
+Release: 20050107
# package options
%option with_auth_cram_md5 no
@@ -50,6 +50,7 @@
Source1: rc.exim
Source2: exim.conf
Source3: aliases
+Patch0: exim.patch
# build information
Prefix: %{l_prefix}
@@ -98,6 +99,7 @@
%prep
%setup -q
+ %patch -p1
%{l_shtool} subst \
-e 's;STRING_UNKNOWN;"unknown";g' \
src/smtp_in.c
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
