CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2012/10/26 02:50:07
Modified files:
mail/exim : Tag: OPENBSD_5_2 Makefile
Added files:
mail/exim/patches: Tag: OPENBSD_5_2 patch-src_dkim_c
patch-src_pdkim_pdkim_h
Log message:
SECURITY fix for Exim CVE-2012-5671 - Remote code execution with DKIM decoding
Workaround: "You are not vulnerable if <...> you put this at the start
of an ACL plumbed into acl_smtp_connect or acl_smtp_rcpt:
warn control = dkim_disable_verify"
This is backported from the diff between exim 4.80 and 4.80.1
(not updating fully to 4.80.1 yet as this small diff is safer to commit)
same diff rpointel@
