From nobody Thu Mar 7 14:15:51 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TrBD84BQ4z5D5xr; Thu, 7 Mar 2024 14:15:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TrBD81Vsgz3yp5; Thu, 7 Mar 2024 14:15:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1709820952; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y44aEY0pOj2F4AdZR+gUEDM3WWZ0lKho+v01GUO+anw=; b=ELlqH/Z9XYU/Qq6GnpaiLeisG5vKaNzyYT1yP7HOUdOWl16MsOM3fL05gIFW7AuQuPhwaT UWSC58g0Z61miaxrP9tr5tICokond7JUuPP28hE6rvH73LL8INyxw+r307Ka3aZpOi0ZSu UHNCMJY612XcPcz3WZrc95k3n7IjzJJT2D3Z3ti/j05OtPBbjPvZXByWCW/5mMSIX2zUOF z448m3IFZOtlHbyKJ3WTdBPd/2nJ7H+uhgjDt3ljit8o0PG3W+8s1YZdz8PJ5fuqk+9YgO 5qn0JnrnP3Xf3fFZfcTNuHdvv+R3V/O/ueUThteWXKmVrtEVYF+hj+1kJBa8zQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1709820952; a=rsa-sha256; cv=none; b=aEaWemkdCswSxthsWtifkgAGH6k4t6tcmDYQKJj/Nj/AERgChIuGfs/L+AZi4/stM/VWzq McpLQZFQnyj7rCY4JTp8Bvn7/BkDZaoT1uZD34PLngtOda2HrVd6tbz7ZAyG2S53jJWJhm Q3xvOdPVUS+FCccNXoC6Ko3ISCHVjxKeLlNenJt0gEvyDoVIC0oPvowL1uGrhPkh/0by5Y 65bAtfleTYSHUS9TdOCOnsOD3QObLWkCp4S8H7oUsLhHUgSzXl3IbrkAmpb/EWs28YEg7t ed2Gud7ph8rLNmhjixn4IzTrWjx84cjyxw4k96Btf2jCnuum8lvHD2ZSHBzmyw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1709820952; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y44aEY0pOj2F4AdZR+gUEDM3WWZ0lKho+v01GUO+anw=; b=dvS5GEKc4t0FPtLxZfRvpNlMaAWZJE9TehjrooT2Gyl2rSEX+tK0yjp8iaUQfPXoU2sTGN UplHcQnHwOT+RJXwMcOxBGAcGOM+F9tfi2xCJhrqydzarnR6mE2no8h9Nia+YrvGReW5DB A7muUB4r671X/4Y2Z4KoUiB6mGgOyl2583AsbvMOZF4mgGo+MqVUh3vV5nL6l8VD3Ntvs/ 3g647Vev3AqlfYYlhot3HSX5ImNVxIMZPbNjn6oaYaeDFrvzPb8n5QAxvnDyQuNmM0muFu n95X8uOT1yCBwUy8QBBVLzEkCcKoFNvaXX+L2lsxvfWQ2B/Ujjkr4kWnClCRZg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TrBD80Xr2zd4g; Thu, 7 Mar 2024 14:15:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 427EFpbi041250; Thu, 7 Mar 2024 14:15:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 427EFpRT041247; Thu, 7 Mar 2024 14:15:51 GMT (envelope-from git) Date: Thu, 7 Mar 2024 14:15:51 GMT Message-Id: <202403071415.427EFpRT041247@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Norikatsu Shigemura Subject: git: d1ebdbe935e6 - main - mail/opendkim: Security fix for CVE-2022-48521 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: nork X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d1ebdbe935e64935459953aa49e47538724736fb Auto-Submitted: auto-generated The branch main has been updated by nork: URL: https://cgit.FreeBSD.org/ports/commit/?id=d1ebdbe935e64935459953aa49e47538724736fb commit d1ebdbe935e64935459953aa49e47538724736fb Author: Yasuhito FUTATSUKI AuthorDate: 2024-03-07 14:15:00 +0000 Commit: Norikatsu Shigemura CommitDate: 2024-03-07 14:15:00 +0000 mail/opendkim: Security fix for CVE-2022-48521 PR: 277319 Security: CVE-2022-48521 Approved by: hrs (mentor), maintainer timeout --- mail/opendkim/Makefile | 2 +- mail/opendkim/files/patch-opendkim_opendkim.c | 36 +++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/mail/opendkim/Makefile b/mail/opendkim/Makefile index 17a8669827dc..9e10cdd23229 100644 --- a/mail/opendkim/Makefile +++ b/mail/opendkim/Makefile @@ -1,6 +1,6 @@ PORTNAME= opendkim PORTVERSION= 2.10.3 -PORTREVISION= 17 +PORTREVISION= 18 CATEGORIES= mail security MASTER_SITES= SF/${PORTNAME} \ SF/${PORTNAME}/Previous%20Releases \ diff --git a/mail/opendkim/files/patch-opendkim_opendkim.c b/mail/opendkim/files/patch-opendkim_opendkim.c new file mode 100644 index 000000000000..8ec336794477 --- /dev/null +++ b/mail/opendkim/files/patch-opendkim_opendkim.c @@ -0,0 +1,36 @@ +commit 7c70ee7c86da1cecc621182355cc950d3b193314 +Author: David Bürgin +Date: Sat Oct 14 09:19:37 2023 +0200 + + Delete Authentication-Results headers in reverse + +diff --git opendkim/opendkim.c opendkim/opendkim.c +index 803f37b0..cfa5f018 100644 +--- opendkim/opendkim.c ++++ opendkim/opendkim.c +@@ -13653,8 +13653,15 @@ mlfi_eom(SMFICTX *ctx) + return SMFIS_TEMPFAIL; + } + +- c = 0; ++ c = 1; ++ + for (hdr = dfc->mctx_hqhead; hdr != NULL; hdr = hdr->hdr_next) ++ { ++ if (strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0) ++ c++; ++ } ++ ++ for (hdr = dfc->mctx_hqtail; hdr != NULL; hdr = hdr->hdr_prev) + { + memset(ares, '\0', sizeof(struct authres)); + +@@ -13666,7 +13673,7 @@ mlfi_eom(SMFICTX *ctx) + char *slash; + + /* remember index */ +- c++; ++ c--; + + /* parse the header */ + arstat = ares_parse((u_char *) hdr->hdr_val,