Message-Id: <201105111130.p4BBUHt8010969@repoman.freebsd.org>
From: Eygene Ryabinkin
Date: Wed, 11 May 2011 11:30:17 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: ports/mail/exim Makefile distinfo ports/mail/exim/files patch-exiqgrep.src
List-Id: **OBSOLETE** CVS commit messages for the entire tree

rea         2011-05-11 11:30:17 UTC

  FreeBSD ports repository

  Modified files:
    mail/exim            Makefile distinfo
  Added files:
    mail/exim/files      patch-exiqgrep.src
  Log:
  mail/exim: upgrade to 4.76

  4.76 is the security release that fixes CVE-2011-1764, format string
  attack and information leak, both inside the DKIM code.

  List of changes (ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.76):

  PP/01 The new ldap_require_cert option would segfault if used.  Fixed.

  PP/02 Harmonised TLS library version reporting; only show if debugging.
        Layout now matches that introduced for other libraries in 4.74 PP/03.

  PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1

  PP/04 New "dns_use_edns0" global option.

  PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
        Bugzilla 1098.

  PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
        nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316

  TK/01 Updated PolarSSL code to 0.14.2.
        Bugzilla 1097. Patch from Andreas Metzler.

  PP/07 Catch divide-by-zero in ${eval:...}.
        Fixes bugzilla 1102.

  PP/08 Condition negation of bool{}/bool_lax{} did not negate.  Fixed.
        Bugzilla 1104.

  TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
        format-string attack -- SECURITY: remote arbitrary code execution.

  TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
        time unintentionally subject to list matching rules, letting the header
        cause arbitrary Exim lookups (of items which can occur in lists, *not*
        arbitrary string expansion). This allowed for information disclosure.

  PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related
        to INT_MIN/-1 -- value coerced to INT_MAX.

  New stuff (ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.76):

   1. The global option "dns_use_edns0" may be set to coerce EDNS0 usage on
      or off in the resolver library.

  And I am also adding a patch for exiqgrep that was taken from
    http://bugs.exim.org/show_bug.cgi?id=1103 [1].

  PR:             ports/156903 [2], ports/156872 [3]
  Reported-by:    Oliver Brandmueller [1], admin@anes.su [2], Alexander Wittig [3]
  Approved-by:    erwin (mentor)
  Feature-safe:   yes

  Revision  Changes    Path
  1.259     +1 -1      ports/mail/exim/Makefile
  1.104     +2 -2      ports/mail/exim/distinfo
  1.1       +15 -0     ports/mail/exim/files/patch-exiqgrep.src (new)
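
Changelog entries PP/07 and PP/09 above describe two integer-division traps in ${eval:...}; the following is an added illustration, not part of the commit message and not Exim's code, of a division guard that catches both. The function name and status codes are hypothetical, and the example goes beyond the changelog by also guarding the remainder operator, which traps on x86 in the same two cases.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical status codes for this example (not Exim identifiers). */
enum eval_status { EVAL_OK = 0, EVAL_DIV_BY_ZERO = 1 };

/*
 * Evaluate lhs / rhs or lhs % rhs (op is '/' or '%') without ever
 * executing a division that can raise SIGFPE.
 */
enum eval_status checked_divmod(char op, int lhs, int rhs, int *out)
{
    /* PP/07 case: report the error instead of dividing by zero. */
    if (rhs == 0)
        return EVAL_DIV_BY_ZERO;

    /*
     * PP/09 case: INT_MIN / -1 is INT_MAX + 1, which does not fit in an
     * int; x86 idiv faults on it. Coerce the quotient to INT_MAX, as the
     * changelog describes. The mathematical remainder is 0.
     */
    if (lhs == INT_MIN && rhs == -1) {
        *out = (op == '/') ? INT_MAX : 0;
        return EVAL_OK;
    }

    *out = (op == '/') ? lhs / rhs : lhs % rhs;
    return EVAL_OK;
}

int main(void)
{
    /* Constructed operand pairs covering the normal and both trap cases. */
    const int cases[][2] = { { 7, 2 }, { 7, 0 }, { INT_MIN, -1 } };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int q = 0;
        if (checked_divmod('/', cases[i][0], cases[i][1], &q) == EVAL_OK)
            printf("%d / %d = %d\n", cases[i][0], cases[i][1], q);
        else
            printf("%d / %d: division by zero\n", cases[i][0], cases[i][1]);
    }
    return 0;
}
```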